Your APIs are becoming tools.
Your users are becoming agents.
Your platform needs to adapt.
Azure API Management is becoming the secure, scalable control plane for connecting agents, tools, and APIs — with governance built in.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Today, we’re announcing two major updates to bring the power of the Model Context Protocol (MCP) in Azure API Management to more environments and scenarios:
- MCP support in v2 SKUs — now in public preview
- Expose existing MCP-compliant servers through API Management
These features make it easier than ever to connect APIs and agents with enterprise-grade control—without rewriting your backends.
Why MCP?
MCP is an open protocol that enables AI agents—like GitHub Copilot, ChatGPT, and Azure OpenAI—to discover and invoke APIs as tools. It turns traditional REST APIs into structured, secure tools that agents can call during execution — powering real-time, context-aware workflows.
Why API Management for MCP?
Azure API Management is the single, secure control plane for exposing and governing MCP capabilities — whether from your REST APIs, Azure-hosted services, or external MCP-compliant runtimes.
With built-in support for:
- Security using OAuth 2.1, Microsoft Entra ID, API keys, IP filtering, and rate limiting.
- Outbound token injection via Credential Manager with policy-based routing.
- Monitoring and diagnostics using Azure Monitor, Logs, and Application Insights.
- Discovery and reuse with Azure API Center integration.
- Comprehensive policy engine for request/response transformation, caching, validation, header manipulation, throttling, and more.
…you get end-to-end governance for both inbound and outbound agent interactions — with no new infrastructure or code rewrites.
✅ What’s New?
1. MCP support in v2 SKUs
Previously available only in classic tiers (Basic, Standard, Premium), MCP support is now in public preview for v2 SKUs — Basic v2, Standard v2, and Premium v2 — with no pre-requisites or manual enablement required.
You can now:
- Expose any REST API as an MCP server in v2 SKUs
- Protect it with Microsoft Entra ID, keys or tokens
- Register tools in Azure API Center
2. Expose existing MCP-compliant servers (pass-through scenario)
Already using tools hosted in Logic Apps, Azure Functions, LangChain or custom runtimes? Now you can govern those external tool servers by exposing them through API Management.
Use API Management to:
- Secure external MCP servers with OAuth, rate limits, and Credential Manager
- Monitor and log usage with Azure Monitor and Application Insights
- Unify discovery with internal tools via Azure API Center
🔗 You bring the tools. API Management brings the governance.
🧭 What’s Next
We’re actively expanding MCP capabilities in API Management:
- Tool-level access policies for granular governance
- Support for MCP resources and prompts to expand beyond tools
📚 Get Started
- 📘 Expose APIs as MCP servers
- 🌐 Connect external MCP servers
- 🔐 Secure access to MCP servers
- 🔎 Discover tools in API Center
Summary
Azure API Management is your single control plane for agents, tools and APIs — whether you're building internal copilots or connecting external toolchains. This preview unlocks more flexibility, less friction, and a secure foundation for the next wave of agent-powered applications.
No new infrastructure. Secure by default. Built for the future.
Microsoft
