đ New in Azure API Management: MCP in v2 SKUs + external MCP-compliant server support
Your APIs are becoming tools. Your users are becoming agents. Your platform needs to adapt. Azure API Management is becoming the secure, scalable control plane for connecting agents, tools, and APIs â with governance built in. -------------------------------------------------------------------------------------------------------------------------------------------------------------------- Today, weâre announcing two major updates to bring the power of the Model Context Protocol (MCP) in Azure API Management to more environments and scenarios: MCP support in v2 SKUs â now in public preview Expose existing MCP-compliant servers through API Management These features make it easier than ever to connect APIs and agents with enterprise-grade controlâwithout rewriting your backends. Why MCP? MCP is an open protocol that enables AI agentsâlike GitHub Copilot, ChatGPT, and Azure OpenAIâto discover and invoke APIs as tools. It turns traditional REST APIs into structured, secure tools that agents can call during execution â powering real-time, context-aware workflows. Why API Management for MCP? Azure API Management is the single, secure control plane for exposing and governing MCP capabilities â whether from your REST APIs, Azure-hosted services, or external MCP-compliant runtimes. With built-in support for: Security using OAuth 2.1, Microsoft Entra ID, API keys, IP filtering, and rate limiting. Outbound token injection via Credential Manager with policy-based routing. Monitoring and diagnostics using Azure Monitor, Logs, and Application Insights. Discovery and reuse with Azure API Center integration. Comprehensive policy engine for request/response transformation, caching, validation, header manipulation, throttling, and more. âŚyou get end-to-end governance for both inbound and outbound agent interactions â with no new infrastructure or code rewrites. â Whatâs New? 1. MCP support in v2 SKUs Previously available only in classic tiers (Basic, Standard, Premium), MCP support is now in public preview for v2 SKUs â Basic v2, Standard v2, and Premium v2 â with no pre-requisites or manual enablement required. You can now: Expose any REST API as an MCP server in v2 SKUs Protect it with Microsoft Entra ID, keys or tokens Register tools in Azure API Center 2. Expose existing MCP-compliant servers (pass-through scenario) Already using tools hosted in Logic Apps, Azure Functions, LangChain or custom runtimes? Now you can govern those external tool servers by exposing them through API Management. Use API Management to: Secure external MCP servers with OAuth, rate limits, and Credential Manager Monitor and log usage with Azure Monitor and Application Insights Unify discovery with internal tools via Azure API Center đ You bring the tools. API Management brings the governance. đ§ Whatâs Next Weâre actively expanding MCP capabilities in API Management: Tool-level access policies for granular governance Support for MCP resources and prompts to expand beyond tools đ Get Started đ Expose APIs as MCP servers đ Connect external MCP servers đ Secure access to MCP servers đ Discover tools in API Center Summary Azure API Management is your single control plane for agents, tools and APIs â whether you're building internal copilots or connecting external toolchains. This preview unlocks more flexibility, less friction, and a secure foundation for the next wave of agent-powered applications. No new infrastructure. Secure by default. Built for the future.
Troubleshoot Az Module within Logic App Standard
In Logic App Standard, you can use Powershell Code, using the Execute Powershell Script action If your powershell script depends on Az Module, then the logic app will try to download and install the Az Module within the runtime In some cases, when the logic app is VNET integrated (has NSG, or routed to Virtual Appliance), or hosted within internal ASE, the logic app will be unable to reach the needed Powershell endpoints, and the download would fail, and the action would fail with below error This can be seen within the log folder in Kudo site (Path: C:\home\LogFiles\Application\Functions\Function\Powershell), and the error would appear as: Exception: Failed to install function app dependencies. Error: 'Failed to install function app dependencies. Error: 'The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Unable to save the module 'Az'.' To troubleshoot this, you need to assure that logic app can reach the needed urls, you can try the simple below steps: From Kudo console, you can try this curl command: curl https://cdn.powershellgallery.com/packages/az.accounts.5.1.1.nupkg --output az.accounts.5.1.1.nupkg It should respond as below: If there is reachability issue, you would see the below response: Also, you can test by creating simple workflow, as below: When you run the HTTP action, it should succeed, however, if you have reachability issue, it would fail as below: This means logic app cannot reach the needed endpoint, which are clarified in our documentation (Troubleshooting cmdlets - PowerShell | Microsoft Learn) To resolve this, assure that the NSG, Firewall, or Virtual appliance allows the logic app to reach the mentioned endpoints., Another scenario where the Az module installation could fail, is if the storage account capacity is almost utilized, and there is no space available to download the Az module, you can confirm this by only referencing the Az.Accounts module; as this module is small in size. if the Az.Accounts module worked, then the issue is highly likely due to storage capacityAzure API Management Your Auth Gateway For MCP Servers
The Model Context Protocol (MCP) is quickly becoming the standard for integrating Tools đ ď¸ with Agents đ¤ and Azure API Management is at the fore-front, ready to support this open-source protocol đ. You may have already encountered discussions about MCP, so let's clarify some key concepts: Model Context Protocol (MCP) is a standardized way, (a protocol), for AI models to interact with external tools, (and either read data or perform actions) and to enrich context for ANY language models. AI Agents/Assistants are autonomous LLM-powered applications with the ability to use tools to connect to external services required to accomplish tasks on behalf of users. Tools are components made available to Agents allowing them to interact with external systems, perform computation, and take actions to achieve specific goals. Azure API Management: As a platform-as-a-service, API Management supports the complete API lifecycle, enabling organizations to create, publish, secure, and analyze APIs with built-in governance, security, analytics, and scalability. New Cool Kid in Town - MCP AI Agents are becoming widely adopted due to enhanced Large Language Model (LLM) capabilities. However, even the most advanced models face limitations due to their isolation from external data. Each new data source requires custom implementations to extract, prepare, and make data accessible for any model(s). - A lot of heavy lifting. Anthropic developed an open-source standard - the Model Context Protocol (MCP), to connect your agents to external data sources such as local data sources (databases or computer files) or remote services (systems available over the internet through e.g. APIs). MCP Hosts: LLM applications such as chat apps or AI assistant in your IDEs (like GitHub Copilot in VS Code) that need to access external capabilities MCP Clients: Protocol clients that maintain 1:1 connections with servers, inside the host application MCP Servers: Lightweight programs that each expose specific capabilities and provide context, tools, and prompts to clients MCP Protocol: Transport layer in the middle At its core, MCP follows a client-server architecture where a host application can connect to multiple servers. Whenever your MCP host or client needs a tool, it is going to connect to the MCP server. The MCP server will then connect to for example a database or an API. MCP hosts and servers will connect with each other through the MCP protocol. You can create your own custom MCP Servers that connect to your or organizational data sources. For a quick start, please visit our GitHub repository to learn how to build a remote MCP server using Azure Functions without authentication: https://aka.ms/mcp-remote Remote vs. Local MCP Servers The MCP standard supports two modes of operation: Remote MCP servers: MCP clients connect to MCP servers over the Internet, establishing a connection using HTTP and Server-Sent Events (SSE), and authorizing the MCP client access to resources on the user's account using OAuth. Local MCP servers: MCP clients connect to MCP servers on the same machine, using stdio as a local transport method. Azure API Management as the AI Auth Gateway Now that we have learned that MCP servers can connect to remote services through an API. The question now rises, how can we expose our remote MCP servers in a secure and scalable way? This is where Azure API Management comes in. A way that we can securely and safely expose tools as MCP servers. Azure API Management provides: Security: AI agents often need to access sensitive data. API Management as a remote MCP proxy safeguards organizational data through authentication and authorization. Scalability: As the number of LLM interactions and external tool integrations grows, API Management ensures the system can handle the load. Security remains to be a critical piece of building MCP servers, as agents will need to securely connect to protected endpoints (tools) to perform certain actions or read protected data. When building remote MCP servers, you need a way to allow users to login (Authenticate) and allow them to grant the MCP client access to resources on their account (Authorization). MCP - Current Authorization Challenges State: 4/10/2025 Recent changes in MCP authorization have sparked significant debate within the community. đ đđ˛đ đđľđŽđšđšđ˛đťđ´đ˛đ with the Authorization Changes: The MCP server is now treated as both a resource server AND an authorization server. This dual role has fundamental implications for MCP server developers and runtime operations. đĄ đ˘đđż đŚđźđšđđđśđźđť: To address these challenges, we recommend using đđđđżđ˛ đđŁđ đ đŽđťđŽđ´đ˛đşđ˛đťđ as your authorization gateway for remote MCP servers. đFor an enterprise-ready solution, please check out our azd up sample repo to learn how to build a remote MCP server using Azure API Management as your authentication gateway: https://aka.ms/mcp-remote-apim-auth The Authorization Flow The workflow involves three core components: the MCP client, the APIM Gateway, and the MCP server, with Microsoft Entra managing authentication (AuthN) and authorization (AuthZ). Using the OAuth protocol, the client starts by calling the APIM Gateway, which redirects the user to Entra for login and consent. Once authenticated, Entra provides an access token to the Gateway, which then exchanges a code with the client to generate an MCP server token. This token allows the client to communicate securely with the server via the Gateway, ensuring user validation and scope verification. Finally, the MCP server establishes a session key for ongoing communication through a dedicated message endpoint. Diagram source: https://aka.ms/mcp-remote-apim-auth-diagram Conclusion Azure API Management (APIM) is an essential tool for enterprise customers looking to integrate AI models with external tools using the Model Context Protocol (MCP). In this blog, we've emphasized the simplicity of connecting AI agents to various data sources through MCP, streamlining previously complex implementations. Given the critical role of secure access to platforms and services for AI agents, APIM offers robust solutions for managing OAuth tokens and ensuring secure access to protected endpoints, making it an invaluable asset for enterprises, despite the challenges of authentication. API Management: An Enterprise Solution for Securing MCP Servers Azure API Management is an essential tool for enterprise customers looking to integrate AI models with external tools using the Model Context Protocol (MCP). It is designed to help you to securely expose your remote MCP servers. MCP servers are still very new, and as the technology evolves, API Management provides an enterprise-ready solution that will evolve with the latest technology. Stay tuned for further feature announcements soon! Acknowledgments This post and work was made possible thanks to the hard work and dedication of our incredible team. Special thanks to Pranami Jhawar, Julia Kasper, Julia Muiruri, Annaji Sharma Ganti Jack Pa, Chaoyi Yuan and Alex Vieira for their invaluable contributions. Additional Resources MCP Client Server integration with APIM as AI gateway Blog Post: https://aka.ms/remote-mcp-apim-auth-blog Sequence Diagram: https://aka.ms/mcp-remote-apim-auth-diagram APIM lab: https://aka.ms/ai-gateway-lab-mcp-client-auth Python: https://aka.ms/mcp-remote-apim-auth .NET: https://aka.ms/mcp-remote-apim-auth-dotnet On-Behalf-Of Authorization: https://aka.ms/mcp-obo-sample 3rd Party APIs â Backend Auth via Credential Manager: Blog Post: https://aka.ms/remote-mcp-apim-lab-blog APIM lab: https://aka.ms/ai-gateway-lab-mcp YouTube Video: https://aka.ms/ai-gateway-lab-demoAnnouncing General Availability: Azure Logic Apps Standard Custom Code with .NET 8
Weâre excited to announce the General Availability (GA) of Custom Code support in Azure Logic Apps Standard with .NET 8. This release marks a significant step forward in enabling developers to build more powerful, flexible, and maintainable integration workflows using familiar .NET tools and practices. With this capability, developers can now embed custom .NET 8 code directly within their Logic Apps Standard workflows. This unlocks advanced logic scenarios, promotes code reuse, and allows seamless integration with existing .NET libraries and servicesâmaking it easier than ever to build enterprise-grade solutions on Azure. Whatâs New in GA This GA release introduces several key enhancements that improve the development experience and expand the capabilities of custom code in Logic Apps: Bring Your Own Packages Developers can now include and manage their own NuGet packages within custom code projects without having to resolve conflicts with the dependencies used by the language worker host. The update includes the ability to load the assembly dependencies of the custom code project into a separate Assembly context allowing you to bring any NET8 compatible dependent assembly versions that your project need. There are only three exceptions to this rule: Microsoft.Extensions.Logging.Abstractions Microsoft.Extensions.DependencyInjection.Abstractions Microsoft.Azure.Functions.Extensions.Workflows.Abstractions Dependency Injection Native Support Custom code now supports native Dependency Injection (DI), enabling better separation of concerns and more testable, maintainable code. This aligns with modern .NET development patterns and simplifies service management within your custom logic. To enable Dependency Injection, developers will need to provide a StartupConfiguration class, defining the list of dependencies: public class StartupConfiguration : IConfigureStartup { /// <summary> /// Configures services for the Azure Functions application. /// </summary> /// <param name="services">The service collection to configure.</param> public void Configure(IServiceCollection services) { // Register the routing service with dependency injection services.AddSingleton<IRoutingService, OrderRoutingService>(); services.AddSingleton<IDiscountService, DiscountService>(); } } You will also need to initialize those register those services during your custom code class constructor: public class MySampleFunction { private readonly ILogger<MySampleFunction> logger; private readonly IRoutingService routingService; private readonly IDiscountService discountService; public MySampleFunction(ILoggerFactory loggerFactory, IRoutingService routingService, IDiscountService discountService) { this.logger = loggerFactory.CreateLogger<MySampleFunction>(); this.routingService = routingService; this.discountService = discountService; } // your function logic here } Improved Authoring Experience The development experience has been significantly enhanced with improved tooling and templates. Whether you're using Visual Studio or Visual Studio Code, youâll benefit from streamlined scaffolding, local debugging, and deployment workflows that make building and managing custom code faster and more intuitive. The following user experience improvements were added: Local functions metadata are kept between VS Code sessions, so you don't receive validation errors when editing workflows that depend on the local functions. Projects are also built when designer starts, so you don't have to manually update references. New context menu gestures, allowing you to create new local functions or build your functions project directly from the explorer area Unified debugging experience, making it easer for you to debug. We have now a single task for debugging custom code and logic apps, which makes starting a new debug session as easy as pressing F5. Learn More To get started with custom code in Azure Logic Apps Standard, visit the official Microsoft Learn documentation: Create and run custom code in Azure Logic Apps Standard You can also find example code for Dependency injection wsilveiranz/CustomCode-Dependency-InjectionGet Ready for Azure Integration Services at Microsoft Ignite 2024
Microsoft Ignite 2024 is just around the corner, and weâre excited to share how Azure Integration Services is taking center stage this year! Whether you're attending in person in Chicago or virtually from anywhere in the world, this is your chance to dive deep into the latest innovations in enterprise integration, AI-powered automation, API governance, and much more. Mark your calendars for these must-see sessions: Breakout sessions Modernize Enterprise Integration with Azure Integration Services Date: Thursday, November 21, 2024 Time: 12:30 PM - 1:15 PM Pacific Standard Time Session Code: BRK150 Speakers: Divya Swarnkar, Kent Weare In todayâs rapidly evolving digital world, modernizing enterprise integration is critical to maintaining a competitive edge. This session will explore how Azure Integration Services can streamline and automate your processes, ensuring business continuity while driving transformation. Weâll cover how hybrid deployment models seamlessly connect on-premises systems with the cloud and demonstrate how to transition from legacy platforms like BizTalk to Azure Integration Servicesâall while preserving your existing investments. Now that you have a solid foundation, weâll showcase how Azure Logic Apps can integrate AI into your workflows, reshape every business process, and reinvent customer experiences. If youâre looking to modernize your enterprise integration, unlock new opportunities, and stay ahead without disrupting your business operations, this session is for you. Effective API Governance in the Era of AI with Azure API Management Date: Wednesday, November 20, 2024 Time: 3:00 PM - 3:45 PM Pacific Standard Time Session Code: BRK143 Speakers: Mike Budzynski, Julia Kasper As APIs continue to drive innovation, effective governance becomes more importantâespecially when it comes to managing the complexity of AI-driven workloads. In this session, weâll dive into how Azure API Management can help you implement a robust API governance model that ensures security, compliance, and scalability for AI and other critical APIs. Learn how to leverage Azureâs powerful tools like Azure API Management, Azure Policy, and Microsoft Defender for Cloud to accelerate API development, enhance reliability, and stay ahead of evolving security requirementsâall without slowing down innovation. Demo GenAI Gateway Capabilities in Azure API Management Date: Wednesday, November 20, 2024 Time: 9:00 AM - 9:15 AM Pacific Standard Time Session Code: THR509 Speakers: Nima Kamoosi, Fernando Mejia GenAI apps are pushing the boundaries of whatâs possible with APIs. This quick but impactful demo will show you how GenAI gateway capabilities in Azure API Management can help overcome scalability, security, and monitoring challenges in GenAI app development. Weâll demonstrate how you can configure Azure API Management to authenticate and authorize LLM (Large Language Model) endpoints, enforce token consumption limits, monitor usage, and implement load balancingâall within the familiar environment of Azure. Donât miss this opportunity to see how these capabilities can streamline your GenAI app development. In-Person Expert Meetup at Microsoft Hub Want to dive even deeper into the world of Azure Integration Services? Join us at the Expert Meetup stations in the Microsoft Hub at Ignite for in-person demos and to ask questions directly to the product experts and team members. This is a great opportunity to engage with the people behind the solutions and get tailored advice on your integration challenges. Donât Miss Out! Microsoft Ignite 2024 offers a unique chance to gain firsthand insights into the latest trends and solutions shaping the future of enterprise integration and API management. Register today to secure your spot and take advantage of these exciting sessions, demos, and expert meetups.
