Microsoft Entra and App Service updated with enterprise AI controls
Microsoft has updated Azure App Service and Entra ID with advanced authorisation capabilities, enabling centralised management of Model Context Protocol (MCP) and support for the new Enterprise-Managed Authorisation (EMA) protocol.

What happened?
Microsoft's Azure App Service and Entra ID now offer centralised MCP endpoints. These eliminate the need for individual consents per server and apply corporate policies directly at the platform edge. Furthermore, the stable Enterprise-Managed Authorisation (EMA) extension has been launched, requiring identity providers to issue ID-JAG attestations validated via RFC 7523 token exchange.
Key facts
”Microsoft's Azure App Service and Entra ID now provide centrally governed MCP endpoints that eliminate per-server consent prompts and enforce tenant policy at the platform edge.”
”The stable Enterprise-Managed Authorization (EMA) extension goes further, requiring identity providers to issue ID-JAG assertions that MCP authorization servers validate via RFC 7523 token exchange.”
”The stable Enterprise-Managed Authorization extension, published this month, defines a different wire protocol. It requires the enterprise identity provider to issue an Identity Assertion JWT Authorization Grant (ID-JAG) through RFC 8693 token exchange.”
Why it matters
These updates enable scalable operation of Model Context Protocol servers in enterprise environments without requiring users to approve each server individually. By integrating with Entra ID and Azure App Service authentication features, companies can apply Conditional Access policies and validate tokens at the platform edge, simplifying administration and increasing security for AI-related services.
Who is affected?
The updates primarily affect IT administrators, DevOps teams and developers working with AI models and deploying them via the Azure platform. End-users within companies using AI applications also benefit from a smoother authentication process without frequent consent requests.
What else you should know
A new Python sample demonstrates how both the centralised MCP endpoints and the EMA extension can be implemented. The EMA extension defines a new protocol requiring the identity provider to issue an Identity Assertion JWT Authorisation Grant (ID-JAG) via RFC 8693 token exchange.
Quick answers about this story
Vad har hänt?
När hände det?
Varför spelar det roll?
Vilka tekniska standarder används?
The link opens in a new window and leads to the publisher's own site.
Källan har spårats automatiskt från utgivaren via Aheadlines signalkedja.
AI-verktyg i artikeln
Topics
Get similar news straight to your inbox
The reader's room
Send in a question or an addition. The newsroom reads everything before it's published and replies when relevant. No AI-generated text – just people.
Sign in to submit a comment or question.
Read the article through your role
- Assess technical risk: model choice, vendor lock-in, data flow and running cost.
- Update the architecture doc if new APIs or regulations touch production.
- Ensure observability + rollback plan before rolling out to production.
Generated angle — not editorial analysis of "Microsoft Entra and App Service updated with enterprise AI c"