Quickstart: Create a hosted MCP server in Azure Connector Namespace (preview)

Important

This preview feature is subject to the Supplemental Terms of Use for Microsoft Azure Previews.

In this quickstart, you create a hosted MCP server in Azure Connector Namespace and connect it to MCP clients. Use the server selector at the top of this page to choose the server you want to deploy.

Connector Namespace and hosted MCP server

Azure Connector Namespace is a fully managed service that hosts connectors, connections, triggers, and MCP servers. Within a namespace, an MCP server is a first-class resource that exposes tools to AI agents over the Model Context Protocol (MCP).

When you create a hosted MCP server in Connector Namespace, the platform runs a pre-built image of the server in dedicated compute that it provisions. You control server configuration, environment variables, and parameters, while the namespace handles hosting, scaling, and credential management. AI agents like Copilot, custom agents, or any MCP-aware client discover and call the server's tools using the namespace's connection model.

Hosted MCP servers differ from managed MCP servers, which are platform-managed implementations built on connectors. The namespace handles tool definitions and configuration for managed servers.

Prerequisites

Note

During public preview, hosted MCP servers are available in the following regions: West Central US, East Asia, Central US, and North Europe.

Seed the SQL database

  1. In the Azure portal, navigate to your SQL Database (not the server).

  2. On the left menu, click Query editor and sign in as the database admin.

  3. Click New query and run the following to seed the database:

    CREATE TABLE dbo.Books
    (
       Id int IDENTITY(1,1) PRIMARY KEY,
       Title nvarchar(200) NOT NULL
    );
    
    INSERT INTO dbo.Books (Title) VALUES (N'The little prince');
    INSERT INTO dbo.Books (Title) VALUES (N'Pride and prejudice');
    

Generate the Data API Builder (DAB) configuration file

This file is required by the server.

  1. Generate a DAB configuration file for your database, enabling only MCP:

    dab init --database-type "mssql" --host-mode "Development" --graphql.enabled false --rest.enabled false --connection-string "<your-sql-connection-string>"
    

    Because the server accesses the underlying database using a system-assigned managed identity (SAMI), the connection string should look like the following:

    Server=<your-sql-server>.database.windows.net;Database=<your-database>;Authentication=Active Directory Default;Encrypt=True;TrustServerCertificate=False;
    
  2. Add the Books entity (table) and related permission:

    dab add Books --source "dbo.Books" --permissions "anonymous:*"
    

    For details on configuring entities and permissions, see Data API builder authorization.

    Example configuration file:

    {
       "$schema": "https://github.com/Azure/data-api-builder/releases/download/v1.7.93/dab.draft.schema.json",
       "data-source": {
          "database-type": "mssql",
          "connection-string": "Server=<your-sql-server>.database.windows.net;Database=<your-database>;Authentication=Active Directory Default;Encrypt=True;TrustServerCertificate=False;",
          "options": {
             "set-session-context": false
          }
       },
       "runtime": {
          "rest": {
             "enabled": false,
             "path": "/api",
             "request-body-strict": true
          },
          "graphql": {
             "enabled": false,
             "path": "/graphql",
             "allow-introspection": true
          },
          "mcp": {
             "enabled": true,
             "path": "/mcp"
          },
          "host": {
             "cors": {
                "origins": [],
                "allow-credentials": false
             },
             "authentication": {
                "provider": "AppService"
             },
             "mode": "development"
          }
       },
       "entities": {
          "Books": {
             "source": {
                "object": "dbo.Books",
                "type": "table"
             },
             "graphql": {
                "enabled": true,
                "type": {
                   "singular": "Books",
                   "plural": "Books"
                }
             },
             "rest": {
                "enabled": true
             },
             "permissions": [
                {
                   "role": "anonymous",
                   "actions": [
                      {
                      "action": "*"
                      }
                   ]
                }
             ]
          }
       }
    }
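
Before you upload the file, it helps to check what it grants. The following added example (not part of the original quickstart or the Data API builder project) audits a DAB configuration for the settings this page uses: connection-string authentication and encryption, host mode, enabled endpoints, and write actions for the anonymous role. The function names and the trimmed sample configuration are constructed for illustration.

```python
import json

# Constructed sample: a trimmed copy of the configuration shown above.
SAMPLE = json.loads("""
{
  "data-source": {"connection-string": "Server=<your-sql-server>.database.windows.net;Database=<your-database>;Authentication=Active Directory Default;Encrypt=True;TrustServerCertificate=False;"},
  "runtime": {"rest": {"enabled": false}, "graphql": {"enabled": false},
              "mcp": {"enabled": true}, "host": {"mode": "development"}},
  "entities": {"Books": {"permissions": [{"role": "anonymous", "actions": [{"action": "*"}]}]}}
}
""")

WRITE_ACTIONS = {"*", "create", "update", "delete"}

def parse_conn(conn):
    """Split 'Key=Value;...' into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in conn.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(cfg):
    """Return (location, message) findings for settings worth a second look."""
    out = []
    conn = parse_conn(cfg.get("data-source", {}).get("connection-string", ""))
    if "password" in conn or "pwd" in conn:
        out.append(("data-source", "connection string embeds a password"))
    if conn.get("encrypt", "").lower() not in ("true", "yes", "mandatory", "strict"):
        out.append(("data-source", "Encrypt is not enforced"))
    if conn.get("trustservercertificate", "false").lower() in ("true", "yes"):
        out.append(("data-source", "TrustServerCertificate skips certificate validation"))
    runtime = cfg.get("runtime", {})
    if runtime.get("host", {}).get("mode", "").lower() == "development":
        out.append(("runtime.host.mode", "development mode"))
    for surface in ("rest", "graphql"):
        if runtime.get(surface, {}).get("enabled"):
            out.append((f"runtime.{surface}", "endpoint enabled alongside MCP"))
    for name, entity in cfg.get("entities", {}).items():
        for perm in entity.get("permissions", []):
            # Each action is either a string or an object with an "action" key.
            acts = {a["action"] if isinstance(a, dict) else a for a in perm.get("actions", [])}
            if perm.get("role") == "anonymous" and acts & WRITE_ACTIONS:
                out.append((f"entities.{name}", f"anonymous role granted {sorted(acts & WRITE_ACTIONS)}"))
    return out

if __name__ == "__main__":
    for where, msg in audit(SAMPLE):
        print(f"{where}: {msg}")
```

On the quickstart configuration the audit reports the development host mode and the `*` action granted to the anonymous role on Books; narrowing the permission to `read` and switching the mode to `production` clears both findings.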
    

Create a hosted MCP server

  1. Sign in to the Azure portal.

  2. Search for your Connector Namespace resource.

  3. Select Connect to Namespace to open the namespace portal in a new browser tab.

  4. When redirected, sign in by using your Microsoft account associated with the namespace.

  5. Inside the namespace instance, look for the MCP connector section and click the + Create button.

  6. Search for Playwright or Azure SQL, depending on the server you chose, and pick the server to be deployed.

  7. In the creation window, select Managed Identity for Outbound Authentication method.

  8. Upload the DAB configuration file generated earlier.

  9. Click Create.

Wait for the required connection and server to be provisioned and deployed. Don't close the create pop-up after deployment. You'll set up an Application Insights resource to collect telemetry from your server.

Enable monitoring on the server

  1. Open another tab and get the connection string of your Application Insights resource from the Azure portal.

  2. Go back to the namespace portal and click Enable monitoring.

  3. Paste the connection string into the box and click Enable.

  4. Click Done when App Insights is configured.

You should be automatically directed to the deployed server's Overview page where you can find the endpoint. If not, click the MCP Connectors tab on the left menu and find the server you deployed.

Grant the namespace identity access to the database

The hosted SQL server uses the namespace's system-assigned managed identity (SAMI) to access your database, which you can enable during namespace creation.

If you didn't enable SAMI during creation, you can enable it by going to your namespace instance in the web portal. On the left menu, find the Identity tab. Toggle System Assigned to On and save the update.

Go to your SQL database in the Azure portal, open the Query editor, and run the following to grant the managed identity access:

    CREATE USER [<your-connector-namespace-name>] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_datareader ADD MEMBER [<your-connector-namespace-name>];
    ALTER ROLE db_datawriter ADD MEMBER [<your-connector-namespace-name>];
    GRANT VIEW DEFINITION TO [<your-connector-namespace-name>];

Replace <your-connector-namespace-name> with the name of your Connector Namespace resource.

Connect from GitHub Copilot in Visual Studio Code

  1. To connect your hosted MCP server to GitHub Copilot in VS Code, add the server configuration to your MCP settings:

    {
      "servers": {
        "my-hosted-server": {
          "url": "<your-mcp-endpoint-url>",
          "type": "http"
        }
      }
    }
    

    Replace <your-mcp-endpoint-url> with the endpoint URL you copied from the server's Overview page.

  2. Select Start above the server name. You're asked to authenticate with Microsoft. Sign in with the email you used to sign in to the Azure portal.

  3. You should see the number of tools available above the server name.

  4. Open Copilot agent mode and ask a question that uses the server's tools. For the Playwright server, ask "What is the closest pizzeria to 11 Times Square?" For the Azure SQL server, ask "What tables are available?"

Connect from MCP Inspector

  1. From the terminal, run:

    az login
    

    You use an access token from your az login session to connect to the server.

  2. Get an access token:

    MCP_TOKEN=$(az account get-access-token --resource https://apihub.azure.com --query accessToken -o tsv)
    
  3. Call the server to list the tools it supports:

    npx @modelcontextprotocol/inspector --cli \
    "<your-mcp-endpoint-url>" \
    --transport http \
    --method tools/list \
    --header "Authorization: Bearer $MCP_TOKEN"
    
  4. Call a specific tool. If you deployed the Playwright server, the following calls the browser_navigate tool:

    npx @modelcontextprotocol/inspector --cli \
    "<your-mcp-endpoint-url>" \
    --transport http \
    --method tools/call \
    --tool-name browser_navigate \
    --tool-arg url="https://www.google.com/search?q=pizza+near+11+Times+Square+New+York" \
    --header "Authorization: Bearer $MCP_TOKEN"
    
     If you deployed the Azure SQL server, the following calls the describe_entities tool to list available tables or entities:

    npx @modelcontextprotocol/inspector --cli \
    "<your-mcp-endpoint-url>" \
    --transport http \
    --method tools/call \
    --header "Authorization: Bearer $MCP_TOKEN" \
    --tool-name describe_entities \
    --tool-arg 'nameOnly=true'
    
  5. For the Azure SQL server, call the read_records tool to retrieve records from an entity (Books):

    npx @modelcontextprotocol/inspector --cli \
    "<your-mcp-endpoint-url>" \
    --transport http \
    --method tools/call \
    --header "Authorization: Bearer $MCP_TOKEN" \
    --tool-name read_records \
    --tool-arg 'entity=Books' \
    --tool-arg 'first=2'
    

Important

Manually passing access tokens is suitable only for local development and testing. For production scenarios, use managed identities or OAuth flows to acquire tokens automatically.

Viewing server logs

  1. Go to the Azure portal and find the Application Insights resource you configured with the MCP server.

  2. On the left menu, find Investigate -> Search.

  3. Set the Local Time filter on the top to the last 30 minutes. View the logs as traces or individual items.