Agent 365 tooling servers overview

Agent 365 tooling servers are enterprise-grade Model Context Protocol (MCP) servers that give agents safe, governed access to business systems such as Microsoft Outlook, Microsoft Teams, Microsoft SharePoint and OneDrive, Microsoft Dataverse, and more through the tooling gateway. Builders can use these servers from the Agent 365 SDK, Microsoft Copilot Studio, or pro-code frameworks to add deterministic, auditable "tools" to any agent. These tools allow agents to automate real work enabling interoperability with Work IQ—sending emails, scheduling meetings, retrieving documents—while enforcing organizational policies like DLP and MIP and also integrating with Microsoft Sentinel and Microsoft Defender for observability into actions taken by these tools.

The control plane registers servers, enforces Microsoft Entra scopes, and applies policy and observability. Each server exposes granular tools (for example, createMessage, getEvents, createFolder) for deterministic, auditable agent actions.

Developers building Agent 365 agents can:

• Discover and integrate Microsoft agentic tools like MCP servers for Outlook, SharePoint, OneDrive, Teams, and Word.
• Extend capabilities with standalone tools and servers from ISVs.
• Confidently onboard custom MCP servers through certification and policy enforcement.

These benefits matter because by using Agent 365, organizations can extend agent capabilities while maintaining security, compliance, and observability.

Key features

• Centralized governance: IT admins manage MCP servers in the Microsoft 365 admin center, allowing or blocking servers across the organization.
• Enterprise‑grade security: Scoped permissions, policy enforcement, and runtime observability ensure agents operate within compliance boundaries.
• Continuous evaluation: All MCP servers undergo rigorous testing across diverse datasets and models, measuring:
  • Accuracy
  • Latency
  • Reliability This testing ensures production‑grade robustness and consistent performance.
• Integrated developer experience: Tooling infrastructure is built into Agent 365 SDK, Foundry SDK, and Copilot Studio.

Tools catalog

Agent 365 offers a rich catalog of MCP servers that expose granular, auditable tools for productivity and business workflows. These servers enable agents to perform deterministic actions across Microsoft 365 and beyond, ensuring consistency and security.

Highlights include:

• Copilot Search: Chat with Microsoft 365 Copilot, start a conversation, continue multi‑turn threads, and ground responses with files.
• Dataverse and Dynamics 365: CRUD operations and domain‑specific actions.
• Outlook Calendar: Create, list, update, and delete events; accept and decline; resolve conflicts.
• Outlook Mail: Create, update, and delete messages; reply and reply‑all; semantic search.
• SharePoint and OneDrive: Upload files; get metadata; search; manage lists.
• Teams: Create, update, and delete chat; add members; post messages; channel operations.
• User Profile: Get manager, direct reports, and profile info; search users.
• Word: Create and read documents; add comments; reply to comments.

This curated catalog ensures agents have access to enterprise-ready tools that are secure, standardized, and optimized for real-world scenarios.

Security and compliance

Security and compliance are at the heart of Agent 365. The platform provides IT administrators with centralized control to manage which MCP servers are available to agents, ensuring that every tool call adheres to organizational policies.

Key governance features:

• Admin control: Activate or block servers in Microsoft 365 admin center.
• Scoped access: Grant only the permissions agents need.
• Observability: Provide full tracing of tool calls for audits and troubleshooting.
• Policy enforcement: Enforce rate limits, payload checks, and security scans at runtime.

Governance and observability

Agent 365 doesn’t just provide tools it ensures they are deployed with enterprise-grade control and transparency. Every MCP server is governed through centralized policies and monitored for compliance, giving IT administrators full confidence in how agents operate.

Governance using Microsoft 365 admin center

IT admins gain a unified view of all MCP servers through Microsoft 365 admin center. This centralized perspective allows them to oversee, manage, and enforce governance across the entire MCP landscape. If an MCP server is blocked, it is blocked for every user and every agent. Permissions always take precedence over configuration, giving IT admins ultimate authority to maintain security and compliance.

Each MCP server is represented by a permission on the Agent 365 application. When an agent is onboarded, the admin grants the required permissions. Only after this consent does the agent gain access to the MCP server, ensuring that every interaction is secure and fully authorized.

IT admins can manage MCP servers directly in the Microsoft 365 admin center under the Agents and Tools to do the following tasks.

• View all activated MCP servers (Outlook Mail, Calendar, Teams, SharePoint, and any custom servers).
• Allow or block specific servers based on organizational policies.
• Apply scoped permissions so agents only access what they need.

This control plane ensures that only approved tools are available to agents, reducing risk and aligning with compliance requirements.

Observability using Microsoft Defender

Operational transparency is built in. Admins can navigate to the Microsoft Defender portal, go to Advanced Hunting, and run queries to:

• Inspect trace logs of tool calls made by agents.
• Monitor execution details, including which tools were invoked, parameters passed, and outcomes.
• Detect anomalies or unauthorized usage patterns for proactive security.

Agent 365 provides a secure, centralized gateway for extending AI agents with enterprise-ready tools through default MCP servers for Microsoft 365 services and custom tooling servers for specialized workflows, developers can build powerful, compliant agents without sacrificing flexibility.

With centralized governance in the Microsoft 365 admin center and full observability using Microsoft Defender, organizations maintain control and transparency over every tool call. Integrated into Copilot Studio for low-code builders and Azure AI Foundry for pro-code developers, Agent 365 delivers a consistent, developer-friendly experience backed by rigorous evaluation for accuracy, latency, and reliability.

Agent 365 combines extensibility, security, and compliance to help organizations confidently scale AI agents across productivity and business systems.

Together, these capabilities provide peace of mind: agents remain powerful yet predictable, and every action is auditable.

Developer experience

Agent 365 is designed for developers first, offering a seamless experience across pro-code and low-code environments. Whether you're building in Copilot Studio or using the Agent 365 SDK, integration with MCP servers is straightforward and consistent.

Developer benefits include:

• Discover tools through the Agent 365 SDK or Copilot Studio.
• Integrate MCP servers into agent workflows by using declarative manifests or SDK calls.
• Test and validate with tracing enabled for transparency.

Learn more in Extend using the SDK.

Extend your agents with available or custom MCP servers

Agent 365 gives you two ways to extend your agents with secure, standardized tools:

1. Use the default MCP servers provided by Microsoft for common productivity and business workflows.
2. Build and onboard your own custom MCP servers for specialized or line-of-business scenarios.

Both approaches leverage the tooling gateway for governance, policy enforcement, and observability, ensuring that every tool call is secure and compliant.

Default MCP servers

Use Microsoft-built MCP servers that are pre-certified and deeply integrated with Microsoft 365 services. These servers cover core productivity tools like Outlook, Teams, SharePoint, OneDrive, Word, and business tools from Dataverse, Sales, and Service. With these servers, you can enable rich workflows without writing a single line of code.

You can see and access these ready-made servers in both development experiences:

• Copilot Studio for low-code developers, enabling quick integration into conversational flows and business processes.
• Azure AI Foundry for pro-code developers, providing full SDK support and advanced orchestration capabilities.

Build scenario-focused custom MCP servers with the Microsoft MCP Management Server

For organizations that need specialized workflows or industry-specific tools, Agent 365 provides the Microsoft MCP Management Server. This API-first build surface lets you create and manage custom MCP servers without building a UI or writing complex code.

The MCP Management Server is an MCP server that exposes tools for creating, updating, and deleting MCP servers and tools. It enables developers and IT teams to quickly stand up scenario-focused servers by using connectors, APIs, and custom logic, all governed by the tooling gateway.

Core tools include:

• CreateMCPServer: Spin up a new MCP server instance.
• CreateToolWithConnector: Add connectors, Graph APIs, REST endpoints, or Dataverse custom APIs as tools.
• UpdateTool: Modify existing tools in your MCP server.
• DeleteMCPServer: Remove an MCP server when no longer needed.
• PublishMCPServer: Publish an MCP server.

The MCP Management Server uses an API-first design, so it doesn't require a user interface. Everything is fully API-driven for automation and integration. Developers can work directly in Visual Studio Code or within agent frameworks, composing workflows through API calls or conversational agent interactions. This approach enables teams to build, configure, and manage custom MCP servers programmatically with precision and flexibility.

Key capabilities

Build scenario-focused MCP servers by:

• Taking advantage of a rich ecosystem of connectors and APIs to integrate virtually any system into your agent workflows.
  • 1,500+ connectors (for example, ServiceNow, JIRA)
  • Microsoft Graph APIs (Mail, Calendar, Teams)
  • Dataverse custom APIs
  • REST APIs for any HTTP endpoint
• Enabling ISVs and customers. The platform supports multiple roles in the ecosystem, ensuring innovation and extensibility at scale.
  • ISVs can build, publish, and certify their own servers.
  • Customers can create line-of-business MCP servers.

Connect to MCP Management Server in Visual Studio Code

1. Download Visual Studio Code. If you don't have it installed, download it from https://code.visualstudio.com/download.
2. Launch Visual Studio Code.
3. Open a command prompt by pressing Ctrl + Shift + P on Windows or Linux, or Cmd + Shift + P on Mac.
4. Search for "Add Server."
5. Select MCP: Add Server from the list.
6. When prompted, select http as the server type.
7. Enter the following URL as the server URL, replacing {environment ID} with your Power Platform environment ID. https://agent365.svc.cloud.microsoft/mcp/environments/{environment ID}/servers/MCPManagement.
8. Name the server "MCPManagement."
9. Choose Global so the server is available across all projects.
10. Sign in with your Microsoft account credentials when prompted.

Use built‑in tools such as Create MCP Server and Add Tools to define your custom MCP server.

Next step

Learn about the capabilities of individual MCP servers by viewing the MCP server reference documentation listed in the table of contents.

Related content

• Agent identity
• Data security
• Observability
• Threat protection