Building MCP servers with Entra ID and pre-authorized cli…

The article explains how to build a Python FastMCP server that authenticates users with Microsoft Entra ID and pre-authorized clients (such as VS Code). It covers MCP auth flows, Entra app registration with a user_impersonation scope, the limits of pre-registration, credential options (client secret, certificate, managed identity), and on-behalf-of (OBO) usage.

Microsoft published guidance for building MCP servers that authenticate users with Microsoft Entra ID. The guidance explains using pre-authorized clients, such as VS Code, to avoid an OAuth proxy and reduce risk.

Main feature/change and impact

The core change documents using Entra ID with MCP through pre-registration of clients. Entra ID supports neither Client ID Metadata Documents (CIMD) nor Dynamic Client Registration (DCR), so pre-registration is the only supported path. It requires registering the MCP server as an Entra app registration and listing the approved client application IDs on it. This keeps the architecture simple and avoids introducing an OAuth proxy, which would increase the attack surface.

Practical implications

Implementers must register the MCP server application in Entra and define its scopes clearly. Create a user_impersonation scope and mark VS Code as a pre-authorized application. Choose credential strategies to match the environment: a client secret for local development, a certificate or managed identity for production. Validate incoming v2.0 access tokens and require the api://{app_id}/user_impersonation scope.

“With Microsoft Entra as the authorization server, supporting arbitrary clients currently requires adding an OAuth proxy in front, which increases security risk.”

The implementation sequence follows OAuth 2.1 flows adapted to MCP constraints. MCP clients request resources, receive a Protected Resource Metadata (PRM) pointer, and redirect users to Entra to sign in. After the token exchange, the client returns with a v2.0 access token, and the MCP server validates its scope and claims.

For servers that call downstream Microsoft APIs, the on-behalf-of (OBO) flow requires admin consent and additional app permissions. Create a service principal to represent the app registration in your tenant.

For deployment, keep local and production credentials separate to balance developer convenience against operational security: provision a production app registration with a federated identity credential tied to your managed identity, and store any client secrets only in a secure vault, rotated frequently. Next steps are to implement FastMCP token validation, register your Entra app with the required scopes, and test the sign-in flow end-to-end with VS Code and other pre-authorized clients.
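As an added example (not code from the article or from Microsoft's guidance), the claim checks an MCP server would run on an Entra v2.0 access token after its signature has been verified: v2.0 issuer and tenant, audience, the user_impersonation scope, and that the calling client is one of the pre-authorized app IDs. The tenant, app and client IDs are placeholders, and the issuer and JWKS URL forms are assumptions based on Entra's v2.0 endpoint conventions.

```python
"""Claim checks for a Microsoft Entra v2.0 access token presented to an MCP server.
Signature verification is assumed to have happened first (e.g. PyJWT's PyJWKClient
against https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys)."""
import time

# Placeholder identifiers; substitute the real tenant and app registration IDs.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
APP_ID = "00000000-0000-0000-0000-000000000002"
# Client app IDs marked as pre-authorized on the app registration (e.g. VS Code).
PRE_AUTHORIZED_CLIENTS = {"00000000-0000-0000-0000-0000000000aa"}
REQUIRED_SCOPE = "user_impersonation"

class TokenRejected(Exception):
    """Raised with a short reason when the token must not be accepted."""

def validate_claims(claims, now=None, tenant_id=TENANT_ID, app_id=APP_ID,
                    allowed_clients=PRE_AUTHORIZED_CLIENTS):
    """Return the granted scopes if the token is acceptable, otherwise raise."""
    now = int(time.time()) if now is None else now
    if claims.get("ver") != "2.0":
        raise TokenRejected("not a v2.0 token")
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
        raise TokenRejected("issuer mismatch")
    if claims.get("tid") != tenant_id:
        raise TokenRejected("tenant mismatch")
    # v2.0 access tokens carry the app (client) ID as 'aud'; the App ID URI form
    # is accepted as well so either convention on the registration works.
    if claims.get("aud") not in (app_id, f"api://{app_id}"):
        raise TokenRejected("audience mismatch")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise TokenRejected("token not yet valid or expired")
    # Delegated scopes arrive space-separated in 'scp' (app-only tokens use 'roles').
    scopes = set(claims.get("scp", "").split())
    if REQUIRED_SCOPE not in scopes:
        raise TokenRejected(f"missing scope {REQUIRED_SCOPE}")
    # 'azp' names the client that obtained the token; only pre-authorized clients may call.
    if claims.get("azp") not in allowed_clients:
        raise TokenRejected("client not pre-authorized")
    return scopes

def is_acceptable(claims, **kw):
    """Accept/reject wrapper for request handlers that only need a boolean."""
    try:
        validate_claims(claims, **kw)
        return True
    except TokenRejected:
        return False
```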

Key points from the article:

  • MCP auth relies on OAuth 2.1 bearer tokens.
  • Entra ID does not support CIMD or DCR; use pre-registration.
  • Register app with user_impersonation scope and pre-authorized clients.
  • Use managed identity (MI-as-FIC) for secure production credentials.
  • OBO flow required to call downstream APIs like Microsoft Graph.