How to view MCP traffic logs in Global Secure Access (Preview)

Global Secure Access Model Context Protocol (MCP) logging provides advanced monitoring and analysis capabilities for MCP traffic between MCP clients on devices and remote MCP servers. This feature provides thorough visibility into which MCP servers are being used, what tools and resources they expose, and how those tools are invoked. MCP Logging helps you discover shadow MCP servers in your organization and enforce stronger security and governance controls on AI agent communications. If you enabled the Global Secure Access MCP integration for Copilot Studio agents, MCP Logging also monitors traffic between the MCP client used by a Copilot Studio agent and the remote MCP server.

MCP Logging uses deep packet inspection to identify MCP traffic based on the protocol itself, rather than a predefined cloud app catalog. This approach enables discovery of previously unknown or private MCP servers that employees might be using.

This article describes how to access and interpret MCP traffic logs in the Global Secure Access Generative AI Insights page. MCP logging is currently in preview.

Prerequisites

  • A Microsoft Entra tenant with a Global Secure Access license. For details, see the licensing section of What is Global Secure Access. If needed, you can purchase licenses or get trial licenses.
  • One of the following roles: Global Secure Access Administrator or Global Secure Access Log Reader.
  • MCP traffic logging requires one of the following configurations:
    • End-user devices: The Global Secure Access client installed on the device with Internet Access traffic forwarding enabled and TLS inspection enabled. TLS inspection is required because MCP data is in the encrypted payload of the traffic.
    • Copilot Studio agents: Global Secure Access integration with Microsoft Copilot Studio enabled. When this integration is active, agent traffic routes through Global Secure Access and MCP traffic is logged without requiring TLS inspection.

Note

MCP Logging only captures traffic to remote MCP servers. Local MCP servers running on a device are not visible because their traffic doesn't have a network footprint that Global Secure Access can inspect.

What MCP Logging captures

MCP Logging records telemetry for every MCP session and operation. For each logged event, the following information is captured:

| Field | Description |
|---|---|
| Create date time | Timestamp when the event was recorded. |
| Activity | The traffic type, which is MCP for MCP traffic events. |
| Content | The payload of the MCP API call. For an initialize response, this includes the server capabilities and supported tools. For a tools/call request, this includes the tool name and input arguments. |
| Destination URL | The URL of the remote MCP server. This value is the unique identifier for the MCP server. |
| Event ID | A unique identifier generated by the MCP protocol. The request and response for the same operation share the same event ID, which you can use to correlate them. |
| Event Type | Indicates whether the log entry is a Request (sent from the MCP client to the server) or a Response (returned from the server to the client). Use this field together with the event ID to match each request with its corresponding response. |
| MCP Client Name | The name reported by the MCP client. This name isn't guaranteed to be unique and might change, so use the destination URL as the reliable identifier. |
| MCP Server Name | The name reported by the MCP server. This name isn't guaranteed to be unique and might change, so use the destination URL as the reliable identifier. |
| Session ID | The MCP session identifier. Multiple events can occur within the same session, each with different event IDs. |
| Sub-activity | The MCP operation for the event. Supported operations include initialize, tools/list, tools/call, prompts/list, */list, resources/templates/list, resources/read, prompts/get, notifications/*/list_changed, notifications/resources/updated, sampling/createMessage, and roots/list. These correspond to the standard MCP protocol operations. |
| Transaction ID | The related Global Secure Access traffic log transaction, which you can use to correlate MCP events with network-level traffic data. |
| User principal name | The user or identity whose traffic was inspected. |

Note

The Event ID and Session ID are generated by the MCP protocol, not by Global Secure Access. The Transaction ID is the corresponding Global Secure Access traffic log identifier.

Note

Not all rows have an MCP Client Name or MCP Server Name. A name appears only when it is part of the payload.

View MCP traffic logs

  1. Sign in to the Microsoft Entra admin center as at least a Security Reader.
  2. Browse to Global Secure Access > Monitor > Generative AI Insights.
  3. The page displays AI traffic events. To view only MCP traffic, use the Activity filter and select MCP.

View event details

Select any log entry to view its details. The details pane shows the full content of the MCP event, including:

  • The MCP sub-activity type (such as initialize, tools/list, or tools/call).
  • The request or response payload in the Content field.
  • Server-reported tool descriptions and capabilities in initialize responses.

Understand MCP sub-activities

MCP Logging captures all standard MCP protocol operations. Common sub-activities include:

| Sub-activity | Description |
|---|---|
| initialize | The initial handshake between the MCP client and server. The response includes the server's supported capabilities and list of available tools with their descriptions. |
| tools/list | A request to list all tools available on the MCP server. |
| tools/call | An invocation of a specific tool. The content includes the tool name and input arguments. |
| prompts/list | A request to list prompt templates available on the MCP server. |
| prompts/get | A request to retrieve a specific prompt template. |

Filter and sort logs

Use the filtering capabilities at the top of the Generative AI Insights page to narrow your view:

  • Activity: Filter by MCP to see only MCP traffic events.
  • Sub-activity: Filter by specific MCP operations, such as tools/call, to focus on tool invocations.
  • Destination URL: Filter by a specific MCP server URL to see all traffic to that server.
  • User: Filter by a specific user to see which MCP servers and tools they're using.

You can export the filtered results for offline analysis or integration with other monitoring tools.

Discover MCP servers

A key benefit of MCP Logging is the ability to discover which remote MCP servers are being accessed in your organization. Because the feature uses deep packet inspection to identify the MCP protocol, it can detect previously unknown or shadow MCP servers.

To review discovered MCP servers:

  1. Browse to Global Secure Access > Monitor > Generative AI Insights.
  2. Review the Destination URL column to identify unique MCP servers.
  3. Select an initialize response event to view the server's reported tools and capabilities.

Use this information to assess risk and determine whether to allow or block traffic to specific MCP servers. To block traffic to a risky MCP server, use URL filtering to deny access to that server's URL.
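The discovery review above, and the request/response correlation described in the field table, can also be run offline over exported results. The following Python is an added example, not Microsoft's code: the CSV layout, the column names (taken from the field table), the JSON-RPC shape of the Content column, the allowlist, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
import json
from collections import defaultdict

# Constructed sample export. Column names follow the field table; the CSV layout
# and the JSON-RPC shape of "Content" are assumptions, not a documented schema.
SAMPLE_EXPORT = '''Destination URL,Session ID,Event ID,Event Type,Sub-activity,User principal name,Content
https://mcp.approved.example/mcp,s1,1,Request,tools/call,ana@contoso.example,"{""params"": {""name"": ""search_docs"", ""arguments"": {""q"": ""vpn""}}}"
https://mcp.approved.example/mcp,s1,1,Response,tools/call,ana@contoso.example,"{""result"": {""isError"": false}}"
https://mcp.unknown.example/sse,s7,4,Request,tools/call,raj@contoso.example,"{""params"": {""name"": ""read_file"", ""arguments"": {""path"": ""notes.txt""}}}"
https://mcp.unknown.example/sse,s7,5,Request,tools/list,raj@contoso.example,"{}"
'''

APPROVED_SERVERS = {"https://mcp.approved.example/mcp"}  # hypothetical allowlist


def summarize(export_text, approved=APPROVED_SERVERS):
    """Group MCP events by Destination URL and pair requests with responses."""
    servers = defaultdict(lambda: {"users": set(), "tools": set(),
                                   "unanswered": 0, "approved": False})
    pending = set()  # (url, session ID, event ID) of requests awaiting a response
    for row in csv.DictReader(io.StringIO(export_text)):
        url = row["Destination URL"]  # the reliable server identifier
        entry = servers[url]
        entry["approved"] = url in approved
        entry["users"].add(row["User principal name"])
        key = (url, row["Session ID"], row["Event ID"])
        if row["Event Type"] == "Request":
            pending.add(key)
            if row["Sub-activity"] == "tools/call":
                try:
                    params = json.loads(row["Content"]).get("params", {})
                except (json.JSONDecodeError, AttributeError):
                    params = {}  # truncated or non-object payload
                if isinstance(params, dict) and params.get("name"):
                    entry["tools"].add(params["name"])
        else:
            pending.discard(key)  # response shares the request's event ID
    for url, _, _ in pending:
        servers[url]["unanswered"] += 1
    return dict(servers)


if __name__ == "__main__":
    for url, info in summarize(SAMPLE_EXPORT).items():
        status = "approved" if info["approved"] else "REVIEW"
        print(status, url, sorted(info["tools"]), sorted(info["users"]), info["unanswered"])
```

Servers marked REVIEW are the candidates for the risk assessment and URL filtering decision described above.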
