Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Agent 365 CLI
Manage MCP servers in Dataverse environments. The develop-mcp command provides options to publish, unpublish, and register MCP servers for use in Dataverse environments.
Note
The develop-mcp approve, develop-mcp block, and develop-mcp package-mcp-server commands are removed from the Agent 365 CLI. Tenant administrators now perform server approval and blocking in the Microsoft admin center — pending requests are reviewed on the Requested Agents page. The CLI no longer produces MCP server packages for Admin Center submission; admins onboard and manage servers directly in the admin center.
Minimum role required: Varies by subcommand
Syntax
a365 develop-mcp [command] [options]
Options
| Option | Description |
|---|---|
-v, --verbose |
Enable verbose logging |
-?, -h, --help |
Show help and usage information |
develop-mcp evaluate
Evaluate your MCP server against scientific best practices to assess production readiness. This tool outputs a comprehensive evaluation report with scores, explanations, and action items. The command discovers the tools an MCP server exposes, runs a set of deterministic and AI-scored semantic checks against their schemas, and produces an HTML report that scores schema quality and lists prioritized action items for improvement.
a365 develop-mcp evaluate --server-url <server-url> [--auth-token <auth-token>] [options]
evaluate options
| Option | Description |
|---|---|
-u, --server-url <server-url> |
Required. The MCP server's streamable HTTP endpoint URL (typically ends in /mcp). |
--auth-token <auth-token> |
Optional. Only needed when the MCP server requires authentication. Bearer token for the server. Prefer the A365_MCP_AUTH_TOKEN environment variable; a token passed on the command line is visible to process listings and shell history. |
-o, --output-dir <output-dir> |
Directory for the checklist and report files. Defaults to the current directory (.). |
--eval-engine <eval-engine> |
Which local coding agent scores the semantic checks: auto (default; try GitHub Copilot, then Claude Code), github-copilot, claude-code, or none (skip AI scoring and expect a pre-scored checklist). |
-v, --verbose |
Enable verbose logging. |
-?, -h, --help |
Show help and usage information. |
evaluate examples
Evaluate a local server with automatic engine selection:
a365 develop-mcp evaluate --server-url "http://localhost:5000/mcp"
Evaluate an authenticated server, with the token supplied through an environment variable and artifacts written to a subfolder:
$env:A365_MCP_AUTH_TOKEN = "<bearer-token>"
a365 develop-mcp evaluate --server-url "https://my-mcp-server.contoso.com/mcp" --output-dir "./eval"
Generate the checklist only, then score it with your own LLM:
a365 develop-mcp evaluate --server-url "https://my-mcp-server.contoso.com/mcp" --eval-engine none
Force a specific scoring engine:
a365 develop-mcp evaluate --server-url "http://localhost:5000/mcp" --eval-engine claude-code
evaluate environment variables
Use the following environment variables to provide authentication and optionally control which model each local scoring engine uses.
| Environment variable | Purpose |
|---|---|
A365_MCP_AUTH_TOKEN |
Bearer token for the MCP server, used when --auth-token isn't passed. Preferred over the flag because it keeps the token out of process listings and shell history. |
A365_EVAL_COPILOT_MODEL |
Override the GitHub Copilot model. Requires an exact model ID, for example claude-haiku-4.5. |
A365_EVAL_CLAUDE_MODEL |
Override the Claude Code model. Accepts a model alias (for example haiku) or a full model ID. |
develop-mcp list-environments
List all Dataverse environments available for MCP server management.
a365 develop-mcp list-environments [options]
This command displays all Dataverse environments where you can manage MCP servers.
list-environments options
| Option | Description |
|---|---|
--dry-run |
Show what would be done without executing |
-v, --verbose |
Enable verbose logging |
-?, -h, --help |
Show help and usage information |
develop-mcp list-servers
List MCP servers in a specific Dataverse environment.
a365 develop-mcp list-servers [options]
This command shows all MCP servers that are currently deployed in the specified Dataverse environment.
list-servers options
| Option | Description |
|---|---|
-e, --environment-id <environment-id> |
Dataverse environment ID |
--dry-run |
Show what would be done without executing |
-v, --verbose |
Enable verbose logging |
-?, -h, --help |
Show help and usage information |
develop-mcp publish
Publish an MCP server to a Dataverse environment.
a365 develop-mcp publish [options]
Use this command to publish an MCP server to the specified Dataverse environment.
When you publish, the CLI creates a <server-name>-PublicClients Microsoft Entra app registration in your tenant. This app holds the OAuth permissions that client hosts (such as Visual Studio Code and the Microsoft 365 Copilot CLI) use to call the published MCP server. Because the command creates an app registration, the account running the CLI must have the Application.ReadWrite.All Microsoft Graph permission. Running publish without it fails.
Note
Provide --publisher-name for custom (user-created) MCP servers. The value is written to the published package's developer metadata and is required for these servers. It's ignored for first-party Microsoft-owned servers (for example, msdyn_DataverseMCPServer), which always publish as "Microsoft". When you omit it, the CLI prompts for it interactively; pass --yes to publish without prompts in CI or scripted contexts.
publish options
| Option | Description |
|---|---|
-e, --environment-id <environment-id> |
Dataverse environment ID |
-s, --server-name <server-name> |
MCP server name to publish |
-a, --alias <alias> |
Alias for the MCP server |
-d, --display-name <display-name> |
Display name for the MCP server |
-p, --publisher-name <publisher-name> |
Publisher name written to the published package metadata. Required for custom (user-created) MCP servers; ignored for first-party Microsoft-owned servers. Prompted interactively when omitted. |
-y, --yes |
Skip the interactive "Proceed with publish? (y/N)" confirmation. Use in CI or scripted contexts. |
--dry-run |
Show what would be done without executing |
-v, --verbose |
Enable verbose logging |
-?, -h, --help |
Show help and usage information |
develop-mcp unpublish
Unpublish an MCP server from a Dataverse environment.
a365 develop-mcp unpublish [options]
Use this command to remove an MCP server from the specified Dataverse environment.
unpublish options
| Option | Description |
|---|---|
-e, --environment-id <environment-id> |
Dataverse environment ID |
-s, --server-name <server-name> |
MCP server name to unpublish |
--dry-run |
Show what would be done without executing |
-?, -h, --help |
Show help and usage information |
develop-mcp register-external-mcp-server
Register an external MCP server with Entra, external OAuth, API key, or no authentication.
a365 develop-mcp register-external-mcp-server [options]
Use this command to register an externally hosted (third-party) MCP server with your tenant. The command creates the Microsoft Entra app registrations the platform needs, calls the Agent 365 platform to add the MCP server, and configures redirect URIs and API permissions on the new app registrations.
The server name must start with the ext_ prefix and be at most 20 characters long, for example ext_MyServer. Tool names must exactly match the names exposed by the remote MCP server. Mismatched names cause tool invocations to fail at runtime.
You can supply parameters in three ways:
- Pass them as command-line options.
- Provide a JSON file with
--input-file. Command-line options override values from the file. Seeregister-external-mcp-server-sample.jsonin the CLI templates for the file structure. - Omit any required value to be prompted interactively.
After the registration succeeds, ask your tenant administrator to approve the new MCP server before agents can use it. If you registered with ExternalOAuth, also add the displayed redirect URI to your external IDP application.
Important
If the registration fails after the Microsoft Entra app registrations are created, the apps aren't automatically rolled back. Delete them manually in the Azure portal before retrying.
register-external-mcp-server options
Some options are required only for specific authentication types, as described in the description column.
| Option | Description |
|---|---|
-s, --server-name <server-name> |
MCP server name. Must start with ext_ and be at most 20 characters, for example ext_MyServer |
-u, --server-url <server-url> |
Remote MCP server URL. Must be a valid HTTP or HTTPS URL |
-a, --auth-type <auth-type> |
Authentication type: EntraOAuth, ExternalOAuth, APIKey, or NoAuth |
--publisher <publisher> |
Publisher name (used in package metadata) |
--description <description> |
Server description (used in package metadata) |
--tools <tools> |
Comma-separated list of tool names exposed by this server, for example tool1,tool2,tool3 |
-f, --input-file <input-file> |
Path to a JSON file with the registration parameters |
--remote-scopes <remote-scopes> |
Scopes for the remote MCP server, for example api://{appId-guid}/{scopeName}. Used with EntraOAuth |
-t, --tenant-id <tenant-id> |
Entra tenant ID for the app registration. Defaults to the current az login tenant |
--service-tree-id <service-tree-id> |
ServiceTree ID for the Entra app registration. Required in Microsoft corporate tenants |
-l, --secret-lifetime-months <months> |
Lifetime in months (1-24) for generated client secrets on the created Entra apps. Defaults to 24 months (2 years). Set a value smaller than the appManagementPolicies cap in your tenant if your tenant policy enforces a shorter maximum |
--idp-authorization-url <url> |
External OAuth authorization URL. Required when --auth-type is ExternalOAuth |
--idp-token-url <url> |
External OAuth token URL. Required when --auth-type is ExternalOAuth |
--idp-scopes <scopes> |
External OAuth scopes. Required when --auth-type is ExternalOAuth |
--idp-client-id <client-id> |
External OAuth client ID. Required when --auth-type is ExternalOAuth |
--idp-client-secret <client-secret> |
External OAuth client secret. Required when --auth-type is ExternalOAuth |
--api-key-location <location> |
API key location: Header or Query. Required when --auth-type is APIKey |
--api-key-name <name> |
API key parameter or header name, for example X-API-Key or token. Required when --auth-type is APIKey |
--dry-run |
Show what would be done without executing |
-v, --verbose |
Enable verbose logging |
-?, -h, --help |
Show help and usage information |