Microsoft MCP server certification overview (preview)

Important

This article contains Microsoft Copilot Studio preview documentation and is subject to change.

Preview features aren't meant for production use and may have restricted functionality. These features are available before an official release so that you can get early access and provide feedback.

If you're building a production-ready agent, see Microsoft Copilot Studio Overview.

Model Context Protocol (MCP) servers are services that provide tools and actions that agents can use across Microsoft 365 Copilot and other AI powered experiences. Certification gives customers and administrators confidence that an external service meets Microsoft expectations for reliability, security, compliance, and responsible operation before it is broadly available. Certified MCP servers provide clear setup guidance, reliable tool execution, appropriate authentication, and documentation that helps makers and administrators understand how to use the server safely.

This updated process keeps the core certification basics intact: verified publishers submit an MCP package, Microsoft validates the package and runtime behavior, remediates issues before approval, and publishers remain responsible for maintaining the certified experience after publication.

Important

Going forward, use the Partner Center offer type Apps and Agents for M365 and Copilot for Microsoft MCP server certification submissions. You don't need to resubmit MCP servers certified through the previous process solely because of this change. If action is needed, Microsoft will reach out. Microsoft will transition existing certified MCPs to the new process path. If you're having trouble, you can use the old path until end of July 2026. For more information, see Microsoft MCP server certification - Microsoft Copilot Studio.

Certified MCP servers

Each certified MCP server provides reference content to support setting up the tools and actions that integrate with Microsoft 365 Copilot and other AI experiences. To see the filtered list of current certified MCP servers, go to MCP servers List of all MCP servers.

Prerequisites

Before submitting an MCP server for certification, make sure your organization and package meet baseline eligibility, technical, and compliance expectations:

  • Publisher eligibility: You must be a verified publisher and own or control the MCP server endpoint you submit.
  • Authentication readiness: Support an approved authentication method and provide configuration details for validation.
  • Package completeness: Include the MCP package, metadata, public documentation, icons, and support, privacy, and terms links.
  • Testing readiness: Test MCP tools before submission and include evaluation evidence when available.

Publisher eligibility

To submit MCP servers for certification, you must be a verified publisher. Your organization must:

  • Have a Microsoft Partner Center account with completed business verification.
  • Be enrolled in the Microsoft 365 and Copilot program.
  • Own or control the MCP server endpoint you're submitting.

If you're an independent publisher who doesn't own the underlying service, you're not eligible to submit directly. You must partner with the service owner or complete verification before pursuing certification.

What's changing

The updated certification process introduces changes to submission paths, package requirements, and publishing surfaces.

Area Updated guidance
Offer type in Partner Center Use Apps and Agents for M365 and Copilot for new MCP certification submissions.
Package All MCP submissions now require a Manifest File, Tool File, and Key Vault authentication configuration.
Existing certified MCPs MCPs certified through the previous process don't need to take action solely because of the process change; Microsoft transitions them to the new path.
Publishing surfaces Certified MCP servers are expected to be available in Azure Foundry in addition to Copilot Studio, with broader Microsoft 365 Admin center discovery and governance surfaces as applicable.
Package definitions Include a link to Microsoft package and icon guidance so publishers follow correct sizing, branding, safe-area, contrast, and image requirements. See Prepare for Teams Store Submission.

Certification process

The high-level journey is straightforward: prepare the package, submit it in Partner Center, pass validation and review, then publish and maintain the certified MCP server.

Step Stage What happens
1 Prepare your package Assemble the MCP server package, including the manifest, tool definitions, authentication details, required metadata, public documentation, icons, and any supporting artifacts.
2 Submit through Partner Center Create a new offer using the Apps and Agents for M365 and Copilot offer type. Upload the package and provide required commercial, legal, support, and publisher information.
3 Automated validation Microsoft validates package structure, required fields, schema correctness, metadata completeness, and baseline policy readiness. You must fix blocking issues before review can continue.
4 Functional and safety review Microsoft reviews the MCP server for functionality, endpoint behavior, authentication, security, compliance, telemetry readiness, and responsible AI considerations. Evaluation proof can help accelerate review.
5 Approval and publishing After approval, the certified MCP server is published to supported Microsoft discovery and runtime surfaces. Certified MCPs are expected to be discoverable in Copilot Studio and Azure Foundry, with Microsoft 365 admin governance support as applicable.
6 Maintain and update Keep the implementation aligned with the certified package. Resubmit updates when introducing new tools, significant metadata changes, or package changes that affect the certified experience.

Package definitions and branding

For package assets such as icon sizing, safe-area rules, branding, and contrast, use Microsoft 365 / Teams package guidance as the reference for submission readiness. See Prepare for Teams Store Submission.

Package area Public guidance to include
Manifest and tool definition files Describe the MCP server, tools, prompts/resources if applicable, endpoint configuration, and tool schemas.
Authentication and test configuration Include supported authentication details, test credentials or setup instructions, and any required environment configuration for validation.
Metadata and public documentation Provide display name, short and long descriptions, categories, publisher information, support links, privacy/terms links, and intro documentation.
Branding and app assets Use required Microsoft 365 / Teams package icon and image guidance for color icons, outline/default icons, sizing, safe areas, contrast, and branding. See Prepare for Teams Store Submission.
Evaluation evidence, if available Include representative functional and safety test evidence. This evidence is useful for validating expected behavior and speeding review, especially for higher-risk actions or AI-driven behavior.

Manifest file

The manifest file is a JSON file that contains the MCP server definition, tool definitions, authentication configuration, metadata, public documentation, and any supporting artifacts. The file needs to follow the required structure and include all necessary information for Microsoft to validate the MCP server during certification. Here's an example structure of the manifest file:

{
  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/vDevPreview/MicrosoftTeams.schema.json",
  "manifestVersion": "devPreview",
  "version": "1.0.0",
  "id": "<APP_ID>",
  "developer": {
    "name": "<COMPANY_NAME>",
    "websiteUrl": "<COMPANY_WEBSITE_URL>",
    "privacyUrl": "<PRIVACY_POLICY_URL>",
    "termsOfUseUrl": "<TERMS_OF_USE_URL>"
  },
  "name": {
    "short": "<MCP_SHORT_NAME>",
    "full": "<MCP_FULL_NAME>"
  },
  "description": {
    "short": "<SHORT_DESCRIPTION>",
    "full": "<LONG_DESCRIPTION>"
  },
  "agentConnectors": [
    {
      "id": "<CONNECTOR_ID>",
      "displayName": "<CONNECTOR_DISPLAY_NAME>",
      "description": "<CONNECTOR_DESCRIPTION>",
      "toolSource": {
        "remoteMcpServer": {
          "mcpServerUrl": "<MCP_SERVER_URL>",
          "mcpToolDescription": {
            "file": "mcptools.json"
          },
          "authorization": {
            "type": "AzureKeyVault",
            "referenceId": "<KEYVAULT_URI>"
          }
        }
      }
    }
  ],
  "icons": {
    "outline": "Outline.png",
    "color": "Color.png"
  },
  "accentColor": "<HEX_COLOR>"
}

Publishing and availability

After certification approval, the MCP server is published to supported Microsoft discovery and runtime surfaces. Certified MCPs are available in Azure Foundry in addition to Copilot Studio. Where applicable, certified MCPs should also align with Microsoft 365 admin governance and discovery experiences used to enable, deploy, or manage agents and tools for an organization.

Post-certification responsibilities

After certification, publishers are responsible for maintaining the certified experience:

  • Keep the MCP implementation aligned with the certified package and public documentation.
  • Maintain accurate support, privacy, terms, and metadata links.
  • Monitor service health, telemetry, and runtime quality so the certified experience remains reliable.
  • Resubmit package updates when adding tools, changing certified metadata, or making significant behavior changes.

FAQ

How can I set up the Key Vault?

To set up authentication with Azure Key Vault, follow these steps:

  1. Create an Azure Key Vault in your Azure tenant by using the Azure portal.

  2. Store the following secrets in the Key Vault:

    Required secrets:

    • ClientId
    • ClientSecret
    • TokenUrl

    Optional secrets (depending on Identity Provider configuration):

    • AuthorizationUrl (required for OAuth2 IdentityProvider)
    • RefreshUrl
    • Scopes
    • AzureActiveDirectoryResourceId (required for AAD IdentityProvider)
  3. Create a service principal for the Microsoft application:

    8e91e74f-afe9-41cd-8c3f-17a9562a74ea

    Grant this service principal Key Vault Secrets User (or equivalent RBAC read access) to the Azure Key Vault so the certification service can retrieve the secrets during validation.

  4. Add the Key Vault URI to the MCP manifest:

    "authorization": {
      "type": "AzureKeyVault",
      "referenceId": "https://<your-keyvault>.vault.azure.net/"
    }
    

    The authorization.referenceId must be the Azure Key Vault URI.

    Example:

    "authorization": {
      "type": "AzureKeyVault",
      "referenceId": "https://contoso-mcp-kv.vault.azure.net/"
    }
    
  5. Package and submit the MCP certification package.

During certification validation, the service securely retrieves the OAuth configuration from the referenced Azure Key Vault.

What are the Identity Provider requirements?

The following table lists the required Key Vault secrets for each Identity Provider type:

Identity Provider Required Key Vault Secrets
OAuth2 ClientId, ClientSecret, AuthorizationUrl, TokenUrl
OAuth2 + Refresh Token ClientId, ClientSecret, AuthorizationUrl, TokenUrl, RefreshUrl
OAuth2 with Scopes Add Scopes
Azure AD ClientId, ClientSecret, TokenUrl, AzureActiveDirectoryResourceId

Are secret names case-sensitive?

Yes. Secret names are case-sensitive and should match exactly:

  • ClientId
  • ClientSecret
  • AuthorizationUrl
  • TokenUrl
  • RefreshUrl
  • Scopes
  • AzureActiveDirectoryResourceId

What value should I use for authorization.referenceId?

Place the Key Vault URI (not a secret URI) in authorization.referenceId.