Microsoft Entra and App Service receive centralised MCP authorisation
Microsoft Entra ID and Azure App Service now offer centralised authorisation for the Model Context Protocol (MCP), simplifying corporate management and eliminating separate approval prompts.

What happened?
Microsoft has launched centralised management of MCP endpoints for enterprises via Azure App Service and Entra ID. This eliminates the requirement for individual approval prompts per server and applies corporate policies directly at the platform boundary. Furthermore, a stable Enterprise-Managed Authorization (EMA) extension has been published, implementing a new protocol that requires identity providers to issue Identity Assertion JWT Authorization Grants (ID-JAG) via RFC 8693 token exchange.
Key facts
Why it matters
This development is significant as it enables enterprises to operate Model Context Protocol servers at scale without employees needing to navigate separate browser-based approval flows for each server. By validating tokens at the platform boundary and applying Conditional Access policies before the application code, management is significantly simplified for IT departments while security is enhanced.
Who is affected?
Enterprises using Microsoft cloud services, particularly those managing large-scale AI models or other applications based on the Model Context Protocol, are affected. IT administrators and developers working with identity management and application deployment in Azure will see increased efficiency. Users within these organisations may experience a smoother login process and access to resources.
What else you should know
A new Python code sample demonstrates how both authorisation pathways can be implemented. The EMA extension represents a future step towards a more streamlined protocol for managing identity and access control for AI models and similar services.
Quick answers about this story
Vad har hänt?
När hände det?
Varför spelar det roll?
Vilka bolag berörs?
The link opens in a new window and leads to the publisher's own site.
Källan har spårats automatiskt från utgivaren via Aheadlines signalkedja.
AI-verktyg i artikeln
Topics
Get similar news straight to your inbox
The reader's room
Send in a question or an addition. The newsroom reads everything before it's published and replies when relevant. No AI-generated text – just people.
Sign in to submit a comment or question.
Read the article through your role
- Assess technical risk: model choice, vendor lock-in, data flow and running cost.
- Update the architecture doc if new APIs or regulations touch production.
- Ensure observability + rollback plan before rolling out to production.
Generated angle — not editorial analysis of "Microsoft Entra and App Service receive centralised MCP auth"