Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Model Context Protocol (MCP) servers are third-party services that provide tools and actions for Microsoft 365 Copilot and other AI-powered experiences. To ensure these external services are secure, reliable, and compliant, Microsoft requires that they undergo a certification process before being made available to all users. At present, the certification of an MCP server is handled through the Microsoft connector certification program, much like a standard Power Platform custom connector. In other words, an MCP server is packaged and submitted as a Power Platform connector and must meet all applicable Marketplace policies and technical standards. This article outlines the current MCP server certification process.
Certified MCP servers
Each certified MCP server provides reference content to support setting up the tools and actions that integrate with Microsoft 365 Copilot and other AI experiences. To see the filtered list of current certified MCP servers, go to MCP servers.
Prerequisites
Before submitting an MCP server for certification, make sure you meet all eligibility, technical, and compliance requirements.
Publisher eligibility
You must be a verified publisher to submit MCP servers for certification. Your organization must:
Have a Microsoft Partner Center account with completed business verification.
Be enrolled in the Microsoft 365 and Copilot program.
Own or control the MCP server endpoint you're submitting.
If you're an independent publisher who doesn't own the underlying service, you're not eligible to submit directly. You must partner with the service owner or complete verification before pursuing certification.
Authentication support
MCP servers must support at least one approved authentication method, such as OAuth 2.0 (preferred), API key, or Basic Authentication.
For OAuth-based MCP servers, register a multitenant application with your identity provider and provide the required OAuth configuration details during submission. You must also supply test credentials and configuration instructions so Microsoft can validate each MCP tool during certification.
MCP artifacts and packaging
Package MCP servers by using the same artifacts and structure as Power Platform connectors. Include these components:
A complete OpenAPI definition describing all MCP tools and endpoints
Correctly configured authentication settings
Required metadata such as name, description, categories, icons, and localization
An intro.md file that serves as the public documentation for the MCP server
The intro.md should describe the MCP server's purpose, supported tools, setup steps, authentication requirements, and known limitations. Thoroughly test all MCP tools before submission to ensure consistent and valid responses.
For more information, see Prepare connector files for certification.
Certification process
The MCP server certification process involves multiple stages to ensure the service meets Microsoft's standards for security, reliability, compliance, and responsible AI use.
Prepare package for submission
To submit your MCP server for certification, go to the Microsoft Partner Center and create a new offer under the "Microsoft 365 and Copilot – Power Platform Connector" category. Although MCP servers are distinct from traditional connectors, you certify and publish them through this same pipeline.
During offer creation, provide metadata, legal and support information, and required logos. Upload the MCP package that contains the OpenAPI definition, intro.md, and supporting artifacts.
Tip
Providing evaluation (EVAL) test evidence isn't mandatory. However, including EVAL test proof with your submission can significantly expedite the certification review process by helping Microsoft validate expected behavior and safety scenarios more efficiently.
For detailed steps on creating and submitting your offer, see Verified publisher certification process.
Automated validation
After you submit your package, Microsoft performs automated validation to verify schema correctness, metadata completeness, packaging integrity, and baseline policy compliance. Any blocking issues must be resolved before the MCP server can proceed to manual review.
Manual review and testing
After automated validation, Microsoft conducts a manual review to assess MCP server functionality, security, compliance, telemetry, and responsible AI readiness. Each MCP tool is tested by using the provided credentials to confirm behavior matches documentation. Publishers must ensure secure endpoints, verified domain ownership, least privileged access, and sufficient telemetry to support auditing and traceability.
Responsible AI evaluation
For MCP servers with AI‑driven behavior or tools that act on user data, publishers are responsible for designing, testing, and documenting safe and compliant behavior. Microsoft evaluates the MCP server by using normal, edge‑case, and adversarial scenarios to validate safety, permission handling, and adherence to content policies. The publisher must fix any unsafe or unexpected behavior before certification approval.
Deployment and regional availability
After the MCP server passes all validation and review stages and certification is approved, Microsoft deploys the certified MCP integration across all supported regions. At this stage, the MCP server becomes available for use in Microsoft 365 and Copilot experiences according to standard availability and compliance requirements.
Approval and publishing
After all reviews are successful, the MCP server is certified and published. Certified MCP servers are available across relevant Microsoft 365, Copilot, and Power Platform experiences, with visible publisher attribution and certification status.
Public documentation is generated from the submitted metadata and intro.md file and surfaced through Microsoft documentation and discovery experiences.
Post‑certification responsibilities
Certification is an ongoing commitment. As a publisher, you're responsible for maintaining compliance and reliability after publication. To do this responsibility, you must:
- Keep the MCP server implementation aligned with the certified definition and resubmit updates when introducing new tools or significant changes.
- Maintain accurate documentation and monitor telemetry and service health.
- Respond promptly to support or compliance issues. Microsoft continuously monitors certified MCP servers for regressions, security issues, or policy violations and might take corrective action if it detects any.