[APIM] MCP server updates

gitName · gitName · commit 87edc553dd87 · 2025-07-14T17:34:24.000-07:00
diff --git a/articles/api-management/connect-govern-existing-mcp-server.md b/articles/api-management/connect-govern-existing-mcp-server.md
@@ -0,0 +1,89 @@
+---
+title: Connect and govern existing MCP server in API Management | Microsoft Docs
+description: Learn how to connect and govern an existing Model Context Protocol (MCP) server in Azure API Management.
+author: dlepow
+ms.service: azure-api-management
+ms.topic: how-to
+ms.date: 07/14/2025
+ms.author: danlep
+ms.collection: ce-skilling-ai-copilot
+ms.custom:
+---
+
+# Connect and govern an existing MCP server
+
+[!INCLUDE [api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2.md)]
+
+Azure API Management now supports secure integration with external MCP-compatible servers — tool servers hosted outside of API Management — through its built-in [AI gateway](genai-gateway-capabilities.md). This capability adds to existing support for MCP servers [natively exposed in API Management](export-rest-mcp-server.md) from managed REST APIs. Wit this enhancement, organizations can apply consistent governance, security, and observability to all MCP tools, regardless of where they are hosted. 
+
+This capability is essential for enterprises building AI agents and copilots that rely on tools distributed across cloud services, open-source runtimes, and internal platforms. With API Management, you can now centralize access, enforce policies, and monitor usage across your entire AI tool ecosystem.
+
+### Example scenarios
+
+- Proxy LangServe or LangChain tool servers through API Management with per-tool authentication and rate limits.
+- Securely expose Logic App–based tools to copilots using IP filtering and OAuth.
+- Centralize tools from Azure Functions and open-source runtimes into Azure API Center.
+- Enable GitHub Copilot, Claude, or ChatGPT to interact securely with tools across your enterprise.
+
+
+## Prerequisites
+
+- An Azure API Management instance with the AI Gateway feature enabled.
+- Access to an external MCP-compatible server (for example, hosted in Azure Logic Apps, Azure Functions, LangServe, or other platforms).
+- Appropriate credentials to the MCP server (OAuth 2.0 client credentials or API keys) for secure access.
+
+
+
+## Connect an existing MCP Server
+
+1. Navigate to your Azure API Management instance in the Azure portal.
+2. In the left-hand menu, select **MCP servers** > **+ Create MCP server**.
+2. Choose **Connect existing MCP server**.
+3. Enter the following details:
+   - **Base URL** of the external MCP server.
+   - **Metadata endpoint** (if available).
+   - **Tool schema** describing the server’s capabilities.
+
+## Configure access and security Policies
+
+1. Use **Credential Manager** to configure authentication:
+   - Choose between **OAuth 2.0 client credentials** or **API key**.
+   - Store secrets securely in **Azure Key Vault**.
+2. Apply inbound policies to:
+   - Inject or modify headers, tokens, and query parameters.
+   - Validate requests before routing to the external server.
+3. Set **rate limits and quotas** to prevent overuse and ensure fair access.
+
+### Step 4: Enable Monitoring and Logging
+
+1. Enable **Azure Monitor** integration to capture:
+   - Diagnostic logs
+   - Request/response traces
+   - Usage metrics
+2. Connect logs to your observability stack for auditing and analysis.
+
+### Step 5: Validate the Connection
+
+1. Use a compliant LLM agent (e.g., GitHub Copilot, Semantic Kernel, Copilot Studio) or a test client (e.g., Postman, curl) to call the APIM-hosted MCP endpoint.
+2. Ensure the request includes appropriate headers and tokens.
+3. Confirm successful routing and response from the external MCP server.
+
+
+## Summary
+
+With this enhancement, Azure API Management becomes the unified governance layer for both:
+- APIs exposed as MCP servers natively in APIM
+- External MCP servers hosted across various platforms
+
+By integrating with Azure API Center, all your AI tools become discoverable, auditable, and reusable — regardless of their hosting environment.
+
+## Related content
+
+* [Python sample: Secure remote MCP servers using Azure API Management (experimental)](https://github.com/Azure-Samples/remote-mcp-apim-functions-python)
+
+* [MCP client authorization lab](https://github.com/Azure-Samples/AI-Gateway/tree/main/labs/mcp-client-authorization)
+
+* [Use the Azure API Management extension for VS Code to import and manage APIs](visual-studio-code-tutorial.md)
+
+* [Register and discover remote MCP servers in Azure API Center](../api-center/register-discover-mcp-server.md)
+
diff --git a/articles/api-management/export-rest-mcp-server.md b/articles/api-management/export-rest-mcp-server.md
@@ -4,7 +4,7 @@ description: Learn how to expose a REST API in Azure API Management as an MCP se
 author: dlepow
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 06/27/2025
+ms.date: 07/14/2025
 ms.author: danlep
 ms.collection: ce-skilling-ai-copilot
 ms.custom:
@@ -13,15 +13,21 @@ ms.custom:
 
 # Expose REST API in API Management as an MCP server
 
-[!INCLUDE [api-management-premium-standard-basic](../../includes/api-management-availability-premium-standard-basic.md)]
-
+[!INCLUDE [api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2.md)]
 
 In API Management, you can expose a REST API managed in API Management as a remote [Model Context Protocol (MCP)](https://www.anthropic.com/news/model-context-protocol) server. Expose one or more of the API operations as tools that MCP clients can call using the MCP protocol. 
 
+In addition to exposing your OpenAPI and HTTP endpoints as MCP servers, you can expose REST APIs managed in API Management such as the following:
+
+* [Azure function app](import-function-app-as-api.md), for accessing serverless APIs
+* [Azure logic app](import-logic-app-as-api.md), for automating workflows
+* [Azure container app](container.md), for deploying containerized APIs
+
+
 Using API Management to expose remote MCP servers provides centralized control over authentication, authorization, and monitoring. It simplifies the process of exposing APIs as MCP servers while helping to mitigate common security risks and ensuring scalability.
 
 > [!IMPORTANT]
-> This feature is being introduced in preview in the classic Basic, Standard, and Premium tiers. It's being released first to the **AI Gateway Early** [update group](configure-service-update-settings.md). After joining the group, it can take 2 hours to access MCP server features.
+> This feature is currently in preview. Review the [prerequisites](#prerequisites) to access MCP server features.
 
 In this article, you learn how to:
 
@@ -33,7 +39,8 @@ In this article, you learn how to:
 
 ## Prerequisites
 
-+ Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md). Currently only the **Premium**, **Standard**, and **Basic** tiers of API Management support MCP servers.
++ If you don't already have an API Management instance, complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md). Your API Management instance must be in one of the supported service tiers for preview: classic Basic, Standard, Premium, Basic v2, Standard v2, or Premium v2.
++ If your instance is in the classic Basic, Standard, or Premium tier, you must join the **AI Gateway Early** [update group](configure-service-update-settings.md) to access MCP server features. It can take up to 2 hours for the update to be applied.
 + Make sure that your instance manages a REST API that you'd like to expose as an MCP server. To import a sample API, see [Import and publish your first API](import-and-publish.md).
     > [!NOTE]
     > Only HTTP APIs from API Management can be exposed as MCP servers.
@@ -42,13 +49,7 @@ In this article, you learn how to:
 
 ## Expose API as an MCP server
 
-
-1. In the Azure portal, access the MCP server preview at the following URL. The preview can ony be used in the supported API Management tiers:
-
-    ```
-    https://portal.azure.com/?Microsoft_Azure_ApiManagement=mcp
-    ```
-1. Navigate to your API Management instance.
+1. In the [Azure portal](https://portal.azure.com), navigate to your API Management instance.
 1. In the left menu, select **APIs** > **MCP Servers** > **+ Create new MCP Server**.
 1. In **API**, select a REST API to expose as an MCP server. 
 1. Select one or more **API Operations** to expose as tools. You can select all operations or only specific operations.
