A complete sample implementation of a Model Context Protocol (MCP) server that demonstrates secure authorization using Protected Resource Metadata (PRM) and Microsoft Graph API integration.
This sample implements the latest draft version of the MCP Authorization specification with Protected Resource Metadata (PRM), which considerably simplifies the authorization implementation. The server is built with ASP.NET Core and deployed to Azure with full infrastructure automation.
- 🔐 Latest MCP Authorization: Implements MCP Authorization with Protected Resource Metadata (PRM)
- 🚀 Zero-Config Deployment: Complete infrastructure setup with a single command
- 🔑 Secure by Design: Uses Managed Identity as Federated Identity Credential (no client secrets)
- 📊 Microsoft Graph Access: Demonstrates accessing protected resources with user-delegated permissions
- Azure Developer CLI (azd)
- Azure subscription
- VS Code Insiders (for testing)
Deploy the complete solution to Azure with a single command:
```bash
azd up
```
This will provision:
- Azure API Management service
- App Service with the MCP server
- Microsoft Entra App
- Managed Identity as federated credential
- Application Insights for monitoring
- All necessary configuration
- Install the latest VS Code Insiders
- Add MCP Server:
  - Open Command Palette (`Ctrl+Shift+P`)
  - Run `MCP: Add Server`
  - Select `HTTP` as the server type
  - Enter the endpoint URL from the `azd up` output:
- Authorize and Test:
  - After a while, VS Code will prompt you to sign in to Microsoft
  - After authentication, open GitHub Copilot
  - Ask: "Who am I?" - Copilot will use the MCP server to retrieve your profile
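
The sign-in prompt in the last step follows PRM discovery: per the MCP Authorization specification and RFC 9728, an unauthenticated request gets a `401` whose `WWW-Authenticate` header points to the metadata document, and the client checks that document before trusting the authorization server it names. The following is an added example, not code from this sample, showing those client-side checks in Python; the host names, the `/mcp` path and the sample header and JSON are constructed placeholders.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample data; hosts and paths are placeholders,
# not values captured from the deployed sample.
SERVER_URL = "https://mcp.example.com/mcp"
SAMPLE_CHALLENGE = ('Bearer resource_metadata='
                    '"https://mcp.example.com/.well-known/oauth-protected-resource/mcp"')
SAMPLE_PRM = json.dumps({
    "resource": "https://mcp.example.com/mcp",
    "authorization_servers": ["https://login.example.com/tenant/v2.0"],
})

def metadata_url_from_challenge(header):
    """Return the resource_metadata URL from a Bearer challenge, or None."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        return None
    match = re.search(r'(?:^|[\s,])resource_metadata="([^"]*)"', params)
    return match.group(1) if match else None

def validate_prm(prm_json, requested_url):
    """Return a list of problems; an empty list means the document passed."""
    try:
        prm = json.loads(prm_json)
    except ValueError:
        return ["metadata is not valid JSON"]
    if not isinstance(prm, dict):
        return ["metadata is not a JSON object"]
    problems = []
    # RFC 9728: "resource" must be identical to the URL the client requested,
    # so a metadata document issued for a different resource is rejected.
    if prm.get("resource") != requested_url:
        problems.append("resource does not match the requested URL")
    # The MCP Authorization spec requires at least one authorization server.
    servers = prm.get("authorization_servers")
    if not isinstance(servers, list) or not servers:
        problems.append("no authorization_servers listed")
    else:
        for server in servers:
            if not isinstance(server, str) or urlsplit(server).scheme != "https":
                problems.append(f"authorization server is not https: {server!r}")
    return problems

if __name__ == "__main__":
    print(metadata_url_from_challenge(SAMPLE_CHALLENGE))
    print(validate_prm(SAMPLE_PRM, SERVER_URL))
```

To run the same checks against a deployed endpoint, pass the real `WWW-Authenticate` header value and the fetched metadata body to these two functions.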
The sample includes one MCP tool:
- `ShowUserProfile`: Retrieves the current user's profile information from Microsoft Graph, including display name, email, job title, and department.