Skip to main content
Items marked (preview) in this article are currently in public preview. This preview is provided without a service-level agreement, and we don’t recommend it for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.
For information on optimizing tool usage, see best practices.
The Foundry Tools Catalog provides over 1,000 connectors — pre-built integrations to SaaS, data, and line-of-business systems. When you add a connector to your agent, Foundry creates a managed MCP server: an MCP server that Foundry provisions and manages in your Foundry account’s Connector Namespace. Your agent calls the managed MCP server’s tools to perform actions during a conversation — for example, creating a GitHub issue, querying a database, or sending a message.
Only validated connectors surface the new managed-MCP-server experience in the Foundry portal Add tool catalog. Unvalidated connectors remain available through the previous connector experience. If you configure connectors through the code-first path (REST API, SDK, or azd), there’s no gating — you can use any connector in the catalog. Reach out to the Foundry team if you run into issues with a specific connector.
Non-Microsoft tools including third-party MCP servers available in the Foundry Tools Catalog (“Third-Party Tools”) are Non-Microsoft Products under your agreement governing use of Azure. When you connect to a Third-Party Tool, you do so at your own risk. You’re responsible for any terms and charges for Third-Party Tools. Microsoft has no responsibility to you or others in relation to your use of Third-Party Tools. Carefully review and track the Third-Party Tools you add to your MCP client.Some of your information and data (such as authentication keys and prompt content) might be passed to the Third-Party Tool, or your MCP client might receive data from the Third-Party Tool. Review all data shared with Third-Party Tools and stay aware of third-party practices for data retention and location. You’re responsible for managing whether your data flows outside your organization’s Azure compliance and geographic boundaries.MCP implementations are vulnerable to attacks, cascading failures, and loss of human oversight. To mitigate these risks, vet MCP servers for security and reliability, follow Microsoft’s recommendations and industry best practices, and implement approval mechanisms to monitor cascading behaviors.

How it works

Each Foundry account has a Connector Namespace — a fully managed service that hosts connector runtimes and MCP servers. Each project maps to an environment in that namespace. When you configure a connector, Foundry publishes it as a managed MCP server in your project’s environment. The namespace handles server hosting, tool definitions, authentication, credential management, and lifecycle. Your agent calls the managed MCP server’s tools without you writing custom server code or managing infrastructure. The configuration flow has four steps:
  1. Browse — find the connector in the Tools Catalog.
  2. Connect — authenticate to the connector’s service.
  3. Select actions — choose which connector actions to expose as MCP tools.
  4. Add tool — Foundry creates the managed MCP server and adds it to your agent.

Publisher tiers and data handling

The catalog includes connectors published by Microsoft, verified third-party publishers, and independent publishers. Check the By: field on the connector’s detail page before connecting, or review the full list at List of all MCP servers.
Publisher tierExamplesData responsibility
Microsoft (internal services)SharePoint, Teams, Dynamics 365Data stays on Microsoft infrastructure; Microsoft privacy policies apply end-to-end
Microsoft (external services)GitHubData transits Microsoft infrastructure to the external service; Microsoft policies apply in transit, the external company’s policies apply at the destination
Verified third-partyDocusign, Databricks, BoxSame as Microsoft external; review the publisher’s privacy policy and data-protection terms before connecting
Independent publisherCommunity-contributed connectorsLower certification bar than first-party connectors; review the publisher’s terms and data practices carefully
The Connector Namespace acts as a proxy to external services. While data is in transit through the namespace (Microsoft infrastructure), Microsoft privacy policies apply. Once the namespace sends the request to the external service, that company’s policies govern data storage, retention, and geography. For details on connector validation and data protection, see Vet with data protection in connectors.
Managed MCP servers are scoped to the Foundry project where they’re created. Connector triggers aren’t supported; only actions that your agent can invoke are available.

Supported regions

Managed MCP servers powered by connector namespaces are available in the following Foundry project regions:
  • australiaeast
  • brazilsouth
  • canadacentral
  • eastus2
  • francecentral
  • germanywestcentral
  • japaneast
  • norwayeast
  • southafricanorth
  • southcentralus
  • spaincentral
  • swedencentral
  • switzerlandnorth
  • westus3

Prerequisites

  • An active Microsoft Foundry project.
  • Foundry Project Manager role on the Foundry project.
  • Credentials for the service you want to connect to (for example, an API key, OAuth account, or personal access token).

Authentication types

Auth typeWhen to useCatalog signal
OAuth2The connector uses OAuth2 authorization code flow. Foundry manages the token exchange; you complete a one-time consent flow.x-ms-connection-parameters contains a field with "type": "oauthSetting"

Add a managed MCP server

The configuration experience in this article applies to managed MCP servers that support OAuth2 authentication. For managed MCP servers with other authentication types, see Add connector actions as agent tools in Azure Logic Apps.

Related content