|
| 1 | +--- |
| 2 | +title: Use Microsoft MCP Server for Enterprise from Microsoft Foundry |
| 3 | +description: "Learn how to connect Microsoft MCP Server for Enterprise as a tool in your Microsoft Foundry project to query Microsoft Entra data using natural language." |
| 4 | +author: msewaweru |
| 5 | +ms.author: eunicewaweru |
| 6 | +ms.reviewer: FaithOmbongi |
| 7 | +ms.subservice: ent-mcp-server |
| 8 | +ms.topic: how-to |
| 9 | +ms.date: 04/15/2026 |
| 10 | +ms.custom: msecd-doc-authoring-106 |
| 11 | + |
| 12 | +#customer intent: As a developer or an IT administrator, I want to integrate Microsoft MCP Server for Enterprise into my Microsoft Foundry agent so that I can query Microsoft Entra data using natural language. |
| 13 | +--- |
| 14 | + |
| 15 | +# Use Microsoft MCP Server for Enterprise from Microsoft Foundry |
| 16 | + |
| 17 | +The [Microsoft MCP Server for Enterprise](overview.md) enables AI agents to query data in your Microsoft Entra tenant by using natural language. This article shows you how to connect the MCP Server as a tool in your Microsoft Foundry project and start querying your organization's data. |
| 18 | + |
| 19 | +## Prerequisites |
| 20 | + |
| 21 | +- A Microsoft Entra tenant. |
| 22 | +- An admin user account in the tenant with the following roles assigned in the [Microsoft Entra admin center](https://entra.microsoft.com): |
| 23 | + - [**Cloud Application Administrator**](/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator) — required to create the app registration and grant admin consent. |
| 24 | + - Appropriate directory roles for the Graph operations your agent performs — required so the MCP Server can execute Graph API calls on behalf of the signed-in user. |
| 25 | + - At least [**Azure AI Developer**](/azure/role-based-access-control/built-in-roles/ai-machine-learning#azure-ai-developer) role scoped to the Microsoft Foundry project resource to connect tools and use agents. |
| 26 | +- Complete the MCP Server provisioning steps in [Get started with the Microsoft MCP Server for Enterprise](get-started.md). For more information, see [MCP Server for Enterprise documentation](https://aka.ms/MCPServerForEnterprise). |
| 27 | +- A [client app registration](/entra/identity-platform/quickstart-register-app) in Microsoft Entra with the following configuration: |
| 28 | + - **Application (client) ID** — Note this value for use during setup. |
| 29 | + - **Client secret** — Go to **Certificates & secrets** > **Client secrets** and create a new secret. Copy the secret **value** for use during setup. |
| 30 | + - Assign the `MCP.*` API permissions to your app registration and grant admin consent. For more information, see [MCP Server for Enterprise documentation](https://aka.ms/MCPServerForEnterprise). |
| 31 | +- A Microsoft Foundry project with at least one agent configured. |
| 32 | + |
| 33 | +## Connect the MCP Server as a tool in Microsoft Foundry |
| 34 | + |
| 35 | +Use the custom OAuth provider option to connect your app registration to the Microsoft MCP Server for Enterprise endpoint. |
| 36 | + |
| 37 | +1. In the [Microsoft Foundry portal](https://ai.azure.com/), make sure you're using the **New Foundry** UI and navigate to your project. |
| 38 | + |
| 39 | +1. In the sidebar menu, select **Tools**, and then select **Connect a tool**. |
| 40 | + |
| 41 | +1. Under **Catalog**, search for **Microsoft MCP Server for Enterprise**, and then select **Create**. |
| 42 | + |
| 43 | +1. For **OAuth Provider**, select **Custom** to use your own OAuth app registration for token exchange. |
| 44 | + |
| 45 | +1. Provide the following configuration: |
| 46 | + |
| 47 | + | Field | Value | |
| 48 | + |---|---| |
| 49 | + | **Name** | Enter a unique identifier for the tool connection. | |
| 50 | + | **Client ID** | The application (client) ID from your app registration. | |
| 51 | + | **Client Secret** | The client secret value from your app registration. | |
| 52 | + | **Token URL**, **Auth URL**, and **Refresh URL** | These fields are prepopulated. Replace `organizations` with your tenant ID if your Microsoft Foundry project and app registration are in different tenants. Otherwise, leave `organizations` as the default value. | |
| 53 | + |
| 54 | +1. Select **Connect**, and then copy the **Redirect URL** provided. |
| 55 | + |
| 56 | +1. Return to your Microsoft Entra app registration, go to **Authentication**, add the redirect URL as a redirect URI, and save your changes. |
| 57 | + |
| 58 | +## Query Microsoft Entra data |
| 59 | + |
| 60 | +After you connect the Microsoft MCP Server for Enterprise tool, add it to an agent and start querying your organization's data using natural language. |
| 61 | + |
| 62 | +1. In the Microsoft Foundry sidebar, go to **Agents** and select an existing agent or create a new one. |
| 63 | + |
| 64 | +1. In the agent configuration, add the Microsoft MCP Server for Enterprise tool you connected in the previous section. |
| 65 | + |
| 66 | +### Sign in and authorize access |
| 67 | + |
| 68 | +When you first use the tool, the agent prompts you to sign in and authorize access. |
| 69 | + |
| 70 | +1. Select **Open consent** when prompted to sign in. |
| 71 | + |
| 72 | +1. Follow the authentication prompts to grant access. You typically don't need to sign in again until the connection expires or is disconnected. |
| 73 | + |
| 74 | +1. Approve each MCP tool call as prompted during query execution. |
| 75 | + |
| 76 | +### Example queries |
| 77 | + |
| 78 | +After you sign in, you can ask questions such as: |
| 79 | + |
| 80 | +- "How many users are in my tenant?" |
| 81 | +- "Which users haven't signed in for the last 30 days?" |
| 82 | +- "Show me all guest users with admin roles." |
| 83 | + |
| 84 | +## Related content |
| 85 | + |
| 86 | +- [Overview of Microsoft MCP Server for Enterprise](overview.md) |
| 87 | +- [Sample prompts for Microsoft MCP Server for Enterprise](mcp-server-sample-prompts.md) |
| 88 | +- [Set up authentication for MCP tools in Microsoft Foundry](/azure/foundry/agents/how-to/mcp-authentication) |
0 commit comments