Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
This preview feature is subject to the Supplemental Terms of Use for Microsoft Azure Previews.
In this quickstart, you create a hosted Model Context Protocol (MCP) server in Azure Connector Namespace and connect it to MCP clients. Use the server selector at the top of this page to choose the server that you want to deploy.
MCP servers are a first-class resource in Azure Connector Namespace. Connector Namespace is a fully managed service that hosts connectors, connections, triggers, and MCP servers.
When you create a hosted MCP server in a namespace, the platform runs a prebuilt image of the server in dedicated compute that it provisions. You control server configuration, environment variables, and parameters. The namespace handles hosting, scaling, and credential management. AI agents like Copilot, custom agents, or any MCP-aware client discover and call the server's tools by using the namespace's connection model.
Hosted MCP servers differ from managed MCP servers, which are platform-managed implementations built on connectors. The namespace handles tool definitions and configuration for managed servers.
Prerequisites
An Azure account and subscription. If you don't have one, create a free Azure account.
Visual Studio Code installed.
Azure CLI installed.
An existing Connector Namespace resource. If you don't have one, create a connector namespace.
An existing Application Insights resource. If you don't have one, create an Application Insights resource.
An Azure SQL Database server with a database. If you don't have one, create an Azure SQL database.
Data API builder (DAB) CLI installed.
Note
During the preview, hosted MCP servers are available in the following regions: West Central US, East Asia, Central US, and North Europe.
Seed the SQL database
In the Azure portal, go to your SQL database (not the server).
On the left menu, select Query editor and sign in as the database admin.
Select New query and run the following command to seed the database:
CREATE TABLE dbo.Books ( Id int IDENTITY(1,1) PRIMARY KEY, Title nvarchar(200) NOT NULL ); INSERT INTO dbo.Books (Title) VALUES (N'The little prince'); INSERT INTO dbo.Books (Title) VALUES (N'Pride and prejudice');
Generate the DAB configuration file
The SQL hosted MCP server is built on Data API builder (DAB), which provides a secure data API over your database and exposes its entities (tables) as MCP tools. The server requires a DAB configuration file that defines the database connection and the entities to expose.
Generate a DAB configuration file for your database, and enable only MCP:
dab init --database-type "mssql" --host-mode "Development" --graphql.enabled false --rest.enabled false --connection-string "<your-sql-connection-string>"Because the server will access the underlying database by using a system-assigned managed identity (SAMI), the connection string should look like the following example:
Server=<your-sql-server>.database.windows.net;Database=<your-database>;Authentication=Active Directory Default;Encrypt=True;TrustServerCertificate=False;Add the Books entity and related permission:
dab add Books --source "dbo.Books" --permissions "anonymous:*"For details on configuring entities and permissions, see Data API builder authorization.
Here's an example configuration file:
{ "$schema": "https://github.com/Azure/data-api-builder/releases/download/v1.7.93/dab.draft.schema.json", "data-source": { "database-type": "mssql", "connection-string": "Server=<your-sql-server>.database.windows.net;Database=<your-database>;Authentication=Active Directory Default;Encrypt=True;TrustServerCertificate=False;", "options": { "set-session-context": false } }, "runtime": { "rest": { "enabled": false, "path": "/api", "request-body-strict": true }, "graphql": { "enabled": false, "path": "/graphql", "allow-introspection": true }, "mcp": { "enabled": true, "path": "/mcp" }, "host": { "cors": { "origins": [], "allow-credentials": false }, "authentication": { "provider": "AppService" }, "mode": "development" } }, "entities": { "Books": { "source": { "object": "dbo.Books", "type": "table" }, "graphql": { "enabled": true, "type": { "singular": "Books", "plural": "Books" } }, "rest": { "enabled": true }, "permissions": [ { "role": "anonymous", "actions": [ { "action": "*" } ] } ] } } }
Create a hosted MCP server
Sign in to the Azure portal.
Search for your Connector Namespace resource.
Select Connect to Namespace to open the namespace portal on a new browser tab.
When you're redirected, sign in by using your Microsoft account that's associated with the namespace.
Inside the namespace instance, look for the MCP connector section and select the + Create button.
- Search for Playwright and select it to create the server.
Search for Azure SQL and select it to create the server.
In the creation window, select Manage Identity for the outbound authentication method.
Upload the DAB configuration file generated earlier.
Select Create.
Wait for the required connection and server to be provisioned and deployed. Don't close the Create dialog after deployment. You'll set up an Application Insights resource to collect telemetry from your server.
Enable monitoring on the server
Open another tab to get the connection string of your Application Insights resource in the Azure portal.
Go back to the namespace portal and select Enable monitoring.
Paste the connection string into the box and select Enable.
Select Done when Application Insights is configured.
You should be automatically directed to the deployed server's Overview page, where you can find the endpoint. If not, select the MCP Connectors tab on the left menu and find the server that you deployed.
Grant the namespace identity access to your database
The hosted SQL server uses the namespace's SAMI to access your database. You can enable a SAMI during namespace creation.
If you didn't enable a SAMI during creation, you must enable it by going to your namespace instance in the web portal. On the left menu, find the Identity tab. Switch the System Assigned toggle to On and save the update.
Go to your SQL database in the Azure portal, open Query editor, and run the following command to grant access to the managed identity:
CREATE USER [<your-connector-namespace-name>] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [<your-connector-namespace-name>];
ALTER ROLE db_datawriter ADD MEMBER [<your-connector-namespace-name>];
GRANT VIEW DEFINITION TO [<your-connector-namespace-name>];
Replace <your-connector-namespace-name> with the name of your Connector Namespace resource.
Connect from GitHub Copilot in Visual Studio Code
To connect your hosted MCP server to GitHub Copilot in Visual Studio Code, add the server configuration to your MCP settings:
{ "servers": { "my-hosted-server": { "url": "<your-mcp-endpoint-url>", "type": "http" } } }Replace
<your-mcp-endpoint-url>with the endpoint URL that you copied from the server's Overview page.Select Start above the server name. You're asked to authenticate with Microsoft. Sign in with the email address that you used to sign in to the Azure portal.
Confirm that the number of available tools appears above the server name.
- Open Copilot agent mode and ask "What is the closest pizzeria to 11 Times Square?"
- Open Copilot agent mode and ask "What tables are available?"
Connect from MCP Inspector
From the terminal, run:
az loginGet an access token from your
az loginsession to connect to the server:MCP_TOKEN=$(az account get-access-token --resource https://apihub.azure.com --query accessToken -o tsv)Make a call to the server to get a list of tools:
npx @modelcontextprotocol/inspector --cli \ "<your-mcp-endpoint-url>" \ --transport http \ --method tools/list \ --header "Authorization: Bearer $MCP_TOKEN"
Call a specific tool. For example, the following command calls the
browser_navigatetool:npx @modelcontextprotocol/inspector --cli \ "<your-mcp-endpoint-url>" \ --transport http \ --method tools/call \ --tool-name browser_navigate \ --tool-arg url="https://www.google.com/search?q=pizza+near+11+Times+Square+New+York" \ --header "Authorization: Bearer $MCP_TOKEN"
Call a specific tool. For example, the following command calls the
describe_entitiestool to list available entities:npx @modelcontextprotocol/inspector --cli \ "<your-mcp-endpoint-url>" \ --transport http \ --method tools/call \ --header "Authorization: Bearer $MCP_TOKEN" \ --tool-name describe_entities \ --tool-arg 'nameOnly=true'Call the
read_recordstool to retrieve records from an entity (Books):npx @modelcontextprotocol/inspector --cli \ "<your-mcp-endpoint-url>" \ --transport http \ --method tools/call \ --header "Authorization: Bearer $MCP_TOKEN" \ --tool-name read_records \ --tool-arg 'entity=Books' \ --tool-arg 'first=2'
Important
Manually passing access tokens is suitable only for local development and testing. For production scenarios, use managed identities or OAuth flows to acquire tokens automatically.
View server logs
Go to the Azure portal and find the Application Insights resource that you configured with the MCP server.
On the left menu, find Investigate > Search.
Set the Local Time filter on the top to the last 30 minutes. View the logs as traces or individual items.
Troubleshoot the SQL server
If your hosted SQL MCP server doesn't connect or return data as expected, check the following items:
- DAB configuration file. Confirm that the uploaded DAB configuration file is valid, uses the correct connection string, and defines the entities and permissions that you expect to expose.
- System-assigned managed identity. Ensure that a SAMI is enabled on the namespace. Go to your namespace instance in the web portal, select the Identity tab, and confirm that System Assigned is set to On.
- Database access. Ensure that the namespace identity is granted access to the database. See Grant the namespace identity access to your database.