Skip to content

Microsoft Copilot Studio agents can reach your enterprise MCP servers through the Aembit Model Context Protocol: A standard protocol for AI agent and server interactions that defines how AI assistants communicate with external tools and data sources.Learn more(opens in new tab) Identity Gateway. Copilot Studio connects to the Gateway as an MCP Client: An application (such as Claude Desktop, Claude Code, or Gemini CLI) that connects to MCP servers to access tools and resources on behalf of users.Learn more, and the Gateway enforces your Aembit Access Policy: Access Policies define, enforce, and audit access between Client and Server Workloads by cryptographically verifying workload identity and contextual factors rather than relying on static secrets.Learn more and presents per-user credentials to each downstream MCP server.

This guide covers the Copilot Studio side of the connection. For the Aembit Tenant configuration, see Set up the MCP Identity Gateway.

The following diagram shows the high-level flow from a Copilot Studio agent through the Gateway to an MCP server:

Copilot Studio agent connecting through the Aembit MCP Identity Gateway to an MCP server
  1. A Copilot Studio agent connects to the Gateway over Streamable HTTP transport and presents an OAuth 2.0 access token that identifies the agent and user.
  2. The Gateway validates the token, requests policy evaluation from Aembit Cloud, and proxies the request to the target MCP server using credentials that Aembit manages.
  3. The MCP server processes the request and returns a response.
  4. The Gateway relays the response back to the Copilot Studio agent.

Copilot Studio never receives credentials for the MCP server. The Gateway handles credential exchange on each request.

Before you begin, ensure you have:

  • A provisioned MCP Identity Gateway endpoint running version 1.32.5006 or higher.
  • Both Access Policies from Set up the MCP Identity Gateway configured and active: client-to-Gateway and Gateway-to-server.
  • A Microsoft Copilot Studio tenant with licensing that allows custom agents and tools.
  • Permission in Copilot Studio to create agents, add tools, and create connections.
  • An Aembit role that can edit the Client Workload: Client Workloads represent software applications, scripts, or automated processes that initiate access requests to Server Workloads, operating autonomously without direct user interaction.Learn more for the client-to-Gateway policy, so you can add the Copilot Studio redirect URI.

If you don’t already have an agent to connect, create one.

  1. In Copilot Studio, go to Agents and click + Create a Blank Agent.
  2. Enter a name for the agent.
  3. Click Create.

Create a tool that points Copilot Studio at your Gateway endpoint.

  1. In Copilot Studio, go to Tools and click + New Tool.

  2. Select Model Context Protocol.

  3. Configure the tool with the following settings:

    FieldValue
    Friendly nameA short, descriptive name for the tool
    Server descriptionA required description of the MCP server
    MCP Gateway URLYour Gateway endpoint with the /mcp path suffix (for example, https://<gateway-host>/mcp)
    AuthenticationSelect OAuth 2.0
    TypeSelect Dynamic Discovery
  4. Click Create. After Copilot Studio creates the tool, refresh your browser to see it.

Assign the tool to your agent and complete the OAuth connection. The first connection attempt surfaces the Copilot Studio redirect URI in Aembit, which you then add to the Client Workload.

  1. In Copilot Studio, go to Agents, open your agent, and select the Tools tab.

  2. Click + Add a tool, select All, and search for your tool’s friendly name.

  3. Select the tool, open the Not Connected dropdown, and click Create new connection, then Create. An OAuth pop-up opens and Copilot Studio attempts to authenticate.

  4. Capture the redirect URI and add it to the Client Workload:

    1. In your Aembit Tenant, open MCP Authorization Tracing: A live view in the Aembit Tenant that surfaces each inbound authorization request as MCP Identity Gateway receives it, including the redirect URI, resource, matched Client Workload, and Access Policy outcome.Learn more to view the inbound authorization request and copy the full redirect URI.
    2. Add the redirect URI to the Client Workload in your client-to-Gateway Access Policy.

    For testing, the wildcard redirect URI https://global.consent.azure-apim.net/redirect/* is acceptable. For production, add the exact redirect URI captured from MCP Authorization Tracing.

  5. Retry the connection. Complete single sign-on (SSO) and the OAuth consent flow. When the connection succeeds, the dropdown turns green.

  6. Click + Add and Configure. This step fetches the OAuth access token.

  1. Open your agent and click Test.
  2. Ask the agent: “What MCP tools do you have access to?” Copilot Studio prompts you to connect first.
  3. Click Connect, then Submit to establish the MCP connection.
  4. Return to the Test panel and click Retry. The agent lists the tools available through the Gateway.

Connect the Microsoft MCP Server for Enterprise (Microsoft Graph)

Section titled “Connect the Microsoft MCP Server for Enterprise (Microsoft Graph)”

The Microsoft MCP Server for Enterprise, which exposes Microsoft Graph, doesn’t support OAuth discovery. Configure its Credential Provider: Credential Providers obtain the specific access credentials—such as API keys, OAuth tokens, or temporary cloud credentials—that Client Workloads need to authenticate to Server Workloads.Learn more manually in the Gateway-to-server Access Policy. Use the MCP User-Based Access Token Credential Provider type.

Before configuring the Credential Provider, register an application in Microsoft Entra ID:

  1. Create the Aembit Credential Provider first (without the OAuth client values) to obtain its ID.
  2. In Microsoft Entra ID, create a single-tenant app registration with the Web platform and redirect URI https://<your-tenant>/userauth/<cp_id>/callback, where <cp_id> is the Credential Provider ID.
  3. Copy the Application (client) ID for use as the Client ID.
  4. Create a client secret and copy its Value for use as the Client Secret.
  5. Add the Microsoft MCP Server for Enterprise API permission. Granting the permission requires the Application Administrator or Cloud Application Administrator role.
  6. Note your Microsoft Entra tenant ID (a GUID) for the OAuth URLs.

Then configure the MCP User-Based Access Token Credential Provider in the Gateway-to-server Access Policy. For the full configuration reference, see Configure MCP User-Based Access Token. Because discovery isn’t available for this server, enter the OAuth values manually:

FieldValue
MCP Server URLmcp.svc.cloud.microsoft/enterprise
Authorization URLhttps://login.microsoftonline.com/<azure-tenant-id>/oauth2/v2.0/authorize
Token URLhttps://login.microsoftonline.com/<azure-tenant-id>/oauth2/v2.0/token
Scopesapi://e8c77dc2-69b3-43f4-bc51-3213c9d915b4/.default
Resourcee8c77dc2-69b3-43f4-bc51-3213c9d915b4
Client IDThe Application (client) ID from your app registration
Client SecretThe client secret value from your app registration
PKCE RequiredEnabled

For the matching Server Workload: Server Workloads represent target services, APIs, databases, or applications that receive and respond to access requests from Client Workloads.Learn more, use these values:

FieldValue
Hostmcp.svc.cloud.microsoft
Port443 (TLS enabled)
URL Path/enterprise
Application ProtocolMCP

Copilot Studio has some limitations. The following guidance helps you work with them.

In practice, Copilot Studio drops tools once the total across your assigned MCP servers exceeds 70, showing an error message instead of loading them all.

Because the Gateway returns tools in the order the upstream servers respond, the specific tools that drop vary between sessions.

To stay within the limit:

  • Assign fewer Access Policies to each agent.
  • Use Copilot Studio’s per-tool toggles to enable only the tools the agent needs.
  • Split integrations across child agents, where each child agent has its own tool budget.
  • Keep Server Workload and Credential Provider names to 15 characters or fewer. Longer names can cause silent connection failures.
  • Keep MCP tool names to 64 characters or fewer, including the server-name prefix that the Gateway adds.

Copilot Studio caches the list of tools it loads from the Gateway. After a Gateway upgrade or a policy change, refresh your browser or delete and recreate the tool so Copilot Studio re-reads the current tool list.