jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-23 03:44:00 -05:00
Code Issues Projects Releases Wiki Activity
Files
repo-sync
docs/content/copilot/how-tos/administer-copilot/manage-mcp-usage/configure-mcp-server-access.md
Sam Browning 7dd1045f2c Add and EDI-ify content for MCP allowlist enforcement in VS Code (#58431) 
Co-authored-by: Dimitrios Philliou <d1m1tr10s@github.com>
Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com>
2025-11-17 19:19:02 +00:00

3.3 KiB
Raw Permalink Blame History

title, intro, permissions, product, versions, topics, shortTitle, redirect_from, contentType, category
title intro permissions product versions topics shortTitle redirect_from contentType category
Configure MCP server access for your organization or enterprise You can configure an MCP registry URL and access control policy to determine which MCP servers developers can discover and use in supported IDEs with {% data variables.product.prodname_copilot %}. Enterprise owners and organization owners {% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %}
feature
copilot
Copilot
Enterprise
Configure MCP server access
/copilot/how-tos/administer-copilot/configure-mcp-server-access
/copilot/how-tos/administer-copilot/manage-for-organization/set-extension-permissions
how-tos
Manage Copilot for a team

Note

The MCP registry URL and allowlist are in {% data variables.release-phases.public_preview %} and subject to change.

Prerequisites

Before you can fully configure MCP server access for your company, you need to create an MCP registry. See AUTOTITLE.

Configuring the MCP allowlist policy for an enterprise

To ensure uniform access, you can set and maintain your MCP registry URL and allowlist policy at the enterprise level. Otherwise, if your teams have different needs, you should configure separate policies for each organization.

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.ai-controls-tab %} {% data reusables.enterprise-accounts.view-mcp-policies %}

  1. Ensure MCP servers in {% data variables.product.prodname_copilot_short %} is set to Enabled everywhere.

  2. In the MCP Registry URL section, enter the URL of your registry, then click Save.

    {% data reusables.copilot.mcp.azure-api-center-url %}

  3. In the Restrict MCP access to registry servers section, select the dropdown menu, then click one of the following options:

    • Allow all: No restrictions. All MCP servers can be used.
    • Registry only: Only servers from the registry may run.

    Your chosen policy will immediately apply to developers in your enterprise.

Configuring the MCP allowlist policy for an organization

{% data reusables.profile.access_org %} {% data reusables.profile.org_settings %}

  1. In the sidebar, under "Code, planning, and automation", click {% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}, then click Policies.

  2. In the "Features" section, ensure MCP servers in {% data variables.product.prodname_copilot_short %} is set to Enabled.

  3. In the MCP Registry URL (optional) field, enter the URL of your registry, then click Save.

    {% data reusables.copilot.mcp.azure-api-center-url %}

  4. In the Restrict MCP access to registry servers section, select the dropdown menu, then click one of the following options:

    • Allow all: No restrictions. All MCP servers can be used.
    • Registry only: Only servers from the registry may run.

    Your chosen policy will immediately apply to developers in your organization.

Next steps

For detailed information on MCP allowlist enforcement and limitations, see AUTOTITLE.

Reference in New Issue View Git Blame Copy Permalink