Seeking Guidance: Integrating Azure Function App-hosted MCP Server with Copilot Agent

Posted on by Microsoft Employee
Context:
We've built an MCP (Model Context Protocol) server hosted on an Azure Function App that provides SQL database tools (ListTables, DescribeTable, ReadData, etc.). Currently works great with VS Code MCP client. Now we want to connect this MCP directly to a Copilot agent and publish it to MS Teams, to eliminate the overhead of separate webapp hosting, app-level authentication.

Our Current Setup:
MCP Server: Azure Function App (C#, .NET 8)
MCP Endpoint: https://{function-app}.azurewebsites.net/runtime/webhooks/mcp/sse
Tools Exposed: SQL database query tools (read-only)
Current Auth: Easy Auth (Entra ID) with OAuth for MCP clients (Work in progress)
host.json config: "DefaultAuthorizationLevel": "anonymous" (platform handles OAuth)

Questions for the Community:
1️⃣ Authentication Mechanism for Agent ↔ MCP Connection
What auth mechanism does Copilot agent use when connecting to an external MCP server?
Is it OAuth/bearer token? Managed Identity? Something else?
Do we need to preauthorize a specific Copilot agent client ID (like we did for VS Code)?
If using OAuth, what scopes does the agent request?

2️⃣ Network Connectivity
What are the networking requirements between Copilot agent and a Function App-hosted MCP?
Does the Function App need to be publicly accessible, or can it work with VNet integration/Private Endpoints?
Are there specific IP ranges or service tags to allowlist for Copilot agent traffic?

3️⃣ Identity Flow
When the agent calls MCP tools, does the user's identity flow through (like VS Code MCP)?
Or does it use a service principal/managed identity for the agent itself?
This matters for our RBAC - we enforce role-based access based on user's security group membership.
 
The goal is for users to ask Copilot questions like "What's the Windows laptop market share?" and have the agent call our MCP tools to query the database and return results. Has anyone successfully integrated an Azure Function App-hosted MCP with a Copilot agent? Would love to hear about:
  • Configuration steps
  • Auth setup that worked
  • Any gotchas when hosting MCP on Azure Function App specifically?
  • Any documentation references
Thanks in advance! 
 
  • Suggested answer
    sannavajjala87 (Super User 2026 Season 1)
    Hi,
     

    Copilot Studio no longer supports SSE after Aug 2025. Use the Streamable transport for MCP. Your current /mcp/sse endpoint will not work with Copilot Studio now.  

     

    Copilot Studio supports None, API key, and OAuth 2.0 for MCP. For enterprise scenarios, use OAuth 2.0 (Authorization Code flow); the agent gets a user‑delegated token to call your MCP. Scopes are defined by your MCP resource (your Entra app/API).  

     

    MCP connections in Copilot Studio ride on Power Platform connector infrastructure, so you can use public HTTPS or private endpoints via Power Platform Virtual Network support (Managed Environment + VNet). If you don’t use a VNet, allow‑list the managed connectors outbound IPs for your region.  

     

    With M365 Agents Toolkit or Copilot Studio publish flows, OAuth redirects are supported (for declarative agents, Teams uses the teams.microsoft.com OAuth redirect). The token the agent holds is user‑delegated, not a tenant‑wide service principal—unless you architect it that way.  

     

    • Switch transport to Streamable
        • Update your MCP hosting to support Streamable (SSE is deprecated for Copilot Studio since Aug 2025). If you used the Functions MCP extension or self‑hosted SDK, follow the Streamable guidance.

    • Harden OAuth on your MCP
        • Server app (resource) in Entra: define scopes/roles (e.g., Mcp.Tools.ReadOnly).
        • Client app: register the app your connector/agent uses; pre‑authorize this client on the server app (optional).
        • In Functions, keep Easy Auth enabled so requests require a valid bearer token.

    • Add MCP to your Copilot Studio agent
        • In Copilot Studio → Tools → Add tool → New tool → Model Context Protocol.
        • Enter the MCP Server URL (Streamable endpoint), description, and select OAuth 2.0. Complete the wizard to create a connection. (The wizard supports None/API key/OAuth.)

    • (Optional) Private networking
        • Convert your PP environment to Managed Environment, enable Virtual Network support, and attach to your Azure VNet with private endpoints for the Function App. Else, allow‑list managed connector outbound IPs for your region on your firewall.

    • Agent instructions & tool discoverability
        • Keep the MCP server description precise; the orchestrator uses it to decide when to call your tools. Import only the read‑only SQL tools into the agent.

    • Publish to Teams
        • From Copilot Studio, publish the agent to Microsoft Teams. OAuth prompts will appear where required and tokens are issued via the Teams experience (user‑delegated).
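
Added example, not part of the answer above and not the original poster's code: one way the Function App could authorize the user-delegated caller (required scope plus security-group membership, as the question's RBAC needs) after Easy Auth has validated the bearer token. It assumes Easy Auth passes the claims in the X-MS-CLIENT-PRINCIPAL header and that the app registration emits the groups claim; the class name, the group ID and the sample principal are constructed, and Mcp.Tools.ReadOnly is the example scope named in the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

// Added example, not the poster's code: authorizes a caller Easy Auth has already authenticated.
public static class McpToolAuthorizer
{
    // Assumption: the scope claim may arrive under either the short or the mapped name.
    static readonly string[] ScopeTypes = { "scp", "http://schemas.microsoft.com/identity/claims/scope" };

    // Decodes the base64 JSON in X-MS-CLIENT-PRINCIPAL into (type, value) claim pairs.
    public static List<(string Typ, string Val)> ParseClaims(string? header)
    {
        var claims = new List<(string Typ, string Val)>();
        if (string.IsNullOrWhiteSpace(header)) return claims;
        try
        {
            using var doc = JsonDocument.Parse(Convert.FromBase64String(header));
            foreach (var c in doc.RootElement.GetProperty("claims").EnumerateArray())
                claims.Add((c.GetProperty("typ").GetString() ?? "", c.GetProperty("val").GetString() ?? ""));
        }
        catch (Exception e) when (e is FormatException or JsonException
                                    or KeyNotFoundException or InvalidOperationException)
        { claims.Clear(); } // malformed header: fail closed with no claims
        return claims;
    }

    // True only when the token carries the required scope AND an allowed group.
    public static bool IsAuthorized(string? header, string requiredScope, ISet<string> allowedGroups)
    {
        var claims = ParseClaims(header);
        // A delegated token carries its scopes as one space-separated string.
        bool hasScope = claims.Where(c => ScopeTypes.Contains(c.Typ))
            .SelectMany(c => c.Val.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Contains(requiredScope, StringComparer.Ordinal);
        // Group object IDs arrive as one "groups" claim per group.
        bool inGroup = claims.Any(c => c.Typ == "groups" && allowedGroups.Contains(c.Val));
        return hasScope && inGroup;
    }

    public static void Main()
    {
        // Constructed sample principal; the group ID is a placeholder.
        const string json = "{\"claims\":[{\"typ\":\"scp\",\"val\":\"Mcp.Tools.ReadOnly\"}," +
            "{\"typ\":\"groups\",\"val\":\"00000000-0000-0000-0000-000000000001\"}]}";
        string header = Convert.ToBase64String(Encoding.UTF8.GetBytes(json));
        var readers = new HashSet<string> { "00000000-0000-0000-0000-000000000001" };
        Console.WriteLine(IsAuthorized(header, "Mcp.Tools.ReadOnly", readers));
        Console.WriteLine(IsAuthorized(null, "Mcp.Tools.ReadOnly", readers));
    }
}
```

When a user belongs to more groups than the token can list, Entra omits the groups claim, so this check denies the call and membership has to be resolved with a directory lookup instead.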

     

  • AN-05021105-0 (Microsoft Employee)
    I'm trying to connect Copilot Studio to a custom MCP Server hosted on Azure Functions using Dynamic OAuth mode. The DCR (Dynamic Client Registration) endpoints I implemented work perfectly when tested from command line, but Copilot Studio gets a 403 Forbidden error. I've exhausted my troubleshooting options and need help identifying what's different about Copilot Studio's requests.
     
    Setup Summary:
    Constraints (org policy):
    ❌ No client secrets allowed
    ❌ Cannot use "Allow requests from any application" in Easy Auth
    ❌ API keys not supported
     
    What I configured:
     
    Component            | Configuration
    App Registration     | Single-tenant, exposed scopes, redirect URI from Copilot Studio added
    Easy Auth            | Microsoft provider, allowedApplications with Power Platform client IDs
    Excluded Paths       | /.well-known/*, /register, /register/*
    IP Restrictions      | CopilotActions, PowerPlatformInfra, PowerPlatformPlex, AzureConnectors service tags allowed
    Custom DCR Endpoints | Implemented RFC 7591/8414/9728 since Entra ID doesn't support DCR natively
     
    Copilot Studio Settings:
    Auth Type: OAuth 2.0 → Dynamic
    Authorization/Token URLs pointing to Entra ID

    The Problem:
    Error: GetDynamicClientRegistrationResultAsync failed. Status Code: Forbidden
     
    What works (tested via curl/PowerShell):
    • ✅ GET /.well-known/oauth-protected-resource → 200 OK
    • ✅ GET /.well-known/oauth-authorization-server → 200 OK
    • ✅ POST /register → 201 Created (returns client_id/secret)
    What fails:
    Copilot Studio gets 403 when attempting the same DCR flow.
     
    Questions:
    1. What client IDs / source IPs does Copilot Studio use for DCR requests in Dynamic OAuth mode?
    2. Are there additional service tags needed beyond CopilotActions, PowerPlatformInfra, PowerPlatformPlex?
    3. Does Copilot Studio send headers that might bypass Easy Auth's excluded paths?
    4. Has anyone successfully used Dynamic OAuth with Azure Functions + IP restrictions + Easy Auth allowedApplications?
    Any insights appreciated!
