update screenshots

Author: gitName

articles/api-management/export-rest-mcp-server.md

@@ -4,7 +4,7 @@ description: Learn how to expose a REST API in Azure API Management as an MCP se
 author: dlepow
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 07/22/2025
+ms.date: 07/23/2025
 ms.author: danlep
 ms.collection: ce-skilling-ai-copilot
 ms.custom:
@@ -35,7 +35,7 @@ Learn more about:
 
 + Make sure that your instance manages an HTTP-compatible API (any API imported as a REST API, including APIs imported from Azure resources) that you'd like to expose as an MCP server. To import a sample API, see [Import and publish your first API](import-and-publish.md).
     > [!NOTE]
-    > Only HTTP APIs managed in API Management can be exposed as MCP servers.
+    > Other API types in API Management that aren't HTTP-compatible can't be exposed as MCP servers.
 
 + To test the MCP server, you can use Visual Studio Code with access to [GitHub Copilot](https://code.visualstudio.com/docs/copilot/setup).
 
@@ -47,21 +47,22 @@ Follow these steps to expose a managed REST API in API Management as an MCP serv
 1. In the [Azure portal](https://portal.azure.com), navigate to your API Management instance.
     [!INCLUDE [preview-callout-mcp-feature-flag](includes/preview/preview-callout-mcp-feature-flag.md)]
 
-1. In the left menu, under **APIs**, select **MCP servers** > **+ Create new MCP server**.
+1. In the left menu, under **APIs**, select **MCP Servers** > **+ Create MCP server**.
 1. Select **Expose an API as an MCP server**.
-1. In **Backend API**:
+1. In **Backend MCP server**:
     1. Select a managed **API** to expose as an MCP server. 
     1. Select one or more **API operations** to expose as tools. You can select all operations or only specific operations. 
         > [!NOTE]
         > You can update the operations exposed as tools later in the **Tools** blade of your MCP server.
 1. In **New MCP server**:
-    1. Enter a **Name** and optional **Description** for the MCP server in API Management.
-    1. In **Base URL**, configure the final URL where the MCP server will be accessible in API Management.
+    1. Enter a **Name** for the MCP server in API Management.
+    1. Optionally, enter a **Description** for the MCP server.
 1. Select **Create**.
 
 :::image type="content" source="media/export-rest-mcp-server/create-mcp-server.png" alt-text="Screenshot of creating an MCP server in the portal." :::
 
-The MCP server is created and the API operations are exposed as tools. The MCP server is listed in the **MCP servers** pane. The **URL** column shows the endpoint of the MCP server that you can call for testing or within a client application.
+* The MCP server is created and the API operations are exposed as tools. 
+* The MCP server is listed in the **MCP Servers** blade. The **Server URL** column shows the endpoint of the MCP server that you can call for testing or within a client application.
 
 
 :::image type="content" source="media/export-rest-mcp-server/mcp-server-list.png" alt-text="Screenshot of the MCP server list in the portal.":::

articles/api-management/expose-existing-mcp-server.md

@@ -1,10 +1,10 @@
 ---
-title: Connect and govern existing MCP server in API Management | Microsoft Docs
+title: Connect and govern existing MCP server in Azure API Management 
 description: Learn how to expose and govern an existing Model Context Protocol (MCP) server in Azure API Management.
 author: dlepow
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 07/22/2025
+ms.date: 07/23/2025
 ms.author: danlep
 ms.collection: ce-skilling-ai-copilot
 ms.custom:
@@ -14,7 +14,7 @@ ms.custom:
 
 [!INCLUDE [api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2.md)]
 
-This article shows how to use API Management to expose and govern an existing MCP-compatible server - a tool server hosted outside of API Management. Expose the server's tools through API Management using its built-in [AI gateway](genai-gateway-capabilities.md) capabilities so that MCP clients can call them using the MCP protocol. 
+This article shows how to use API Management to expose and govern an existing MCP-compatible server - a tool server hosted outside of API Management. Expose and govern the server's tools through API Management so that MCP clients can call them using the MCP protocol. 
 
 [!INCLUDE [preview-callout-mcp-servers](includes/preview/preview-callout-mcp-servers.md)]
 
@@ -41,7 +41,7 @@ Learn more about:
 
 + Access to an external MCP-compatible server (for example, hosted in Azure Logic Apps, Azure Functions, LangServe, or other platforms).
 
-+ Appropriate credentials to the MCP server (OAuth 2.0 client credentials or API keys) for secure access.
++ Appropriate credentials to the MCP server (such as OAuth 2.0 client credentials or API keys, depending on the server) for secure access.
 
 + To test the MCP server, you can use Visual Studio Code with access to [GitHub Copilot](https://code.visualstudio.com/docs/copilot/setup).
 
@@ -53,25 +53,24 @@ Follow these steps to expose an existing MCP server is API Management:
     [!INCLUDE [preview-callout-mcp-feature-flag](includes/preview/preview-callout-mcp-feature-flag.md)]
 
 1. In the left-hand menu, under **APIs**, select **MCP servers** > **+ Create MCP server**.
-1. Select **Connect existing MCP server**.
-1. In **Backend API**:
+1. Select **Expose an existing MCP server**.
+1. In **Backend MCP server**:
     1. Enter the existing **MCP server base URL**.
-    1. Select a **Transport type**:
-         - **Streamable HTTP** (default) - Server delivers data continuously over HTTP as it becomes available
-         - **Server-sent events (SSE)** - Server pushes real-time updates to clients. When selected, optionally enter the following paths:
-             - `/sse` - path for streaming responses
-             - `/messages` - path for receiving tool requests from agents
+    1. In**Transport type**, **Streamable HTTP** is selected by default.
 1. In **New MCP server**:
-    1. Enter a **Name** and optional **Description** for the MCP server in API Management.
-    1. In **Base path**, enter a route prefix for tools. 
-    1. In **Base URL**, configure the final URL where the MCP server will be accessible in API Management.
+    1. Enter a **Name** the MCP server in API Management.
+    1. In **Base path**, enter a route prefix for tools. Example: `mytools`
+    1. Optionally, enter a **Description** for the MCP server. 
 1. Select **Create**.
 
 :::image type="content" source="media/expose-existing-mcp-server/create-mcp-server.png" alt-text="Screenshot of creating an MCP server in the portal." :::
 
-The MCP server is connected and is listed in the **MCP servers** pane. The **URL** column shows the MCP server URL that you can call for testing or within a client application.
+* The MCP server is created and the remote server's operations are exposed as tools. 
+* The MCP server is listed in the **MCP Servers** pane. The **Server URL** column shows the MCP server URL that you can call for testing or within a client application.
 
-> [!NOTE]
+:::image type="content" source="media/expose-existing-mcp-server/mcp-server-list.png" alt-text="Screenshot of the MCP server list in the portal.":::
+
+> [!IMPORTANT]
 > API Management doesn't display tools from the existing MCP server. All tool registration and configuration must be done on the existing remote MCP server.
 
 [!INCLUDE [api-management-configure-test-mcp-server](../../includes/api-management-configure-test-mcp-server.md)]

articles/api-management/mcp-server-overview.md

@@ -6,11 +6,14 @@ ms.service: azure-api-management
 ms.topic: concept-article
 ms.date: 07/23/2025
 ms.author: danlep
+ms.collection: ce-skilling-ai-copilot
 ms.custom:
 ---
 
 # About MCP servers in Azure API Management
 
+[!INCLUDE [api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2.md)]
+
 This article introduces features in Azure API Management that you can use to manage Model Context Protocol (MCP) servers. MCP servers allow AI agents to access external data sources, such as databases or APIs, through a standardized protocol. 
 
 Use API Management to securely expose and govern API operations as tools for large language models (LLMs) and AI agents like GitHub Copilot, ChatGPT, Claude, and more. API Management provides centralized control over MCP server authentication, authorization, and monitoring. It simplifies the management of MCP servers while helping to mitigate common security risks and ensuring scalability.
@@ -43,11 +46,6 @@ The MCP architecture is built on [JSON-RPC 2.0 for messaging](https://modelconte
 
 * **Local MCP servers** MCP clients use standard input/output as a local transport method to connect to MCP servers on the same machine,.
 
-Azure API Management supports the remote MCP server mode, using native features of API Management and [capabilities of the AI gateway](./genai-gateway-capabilities.md) to manage MCP server endpoints.
-
-> [!NOTE]
-> MCP server support in API Management is in preview. In preview, API Management supports MCP server tools, but doesn't currently support MCP resources or prompts.
-
 ## MCP server endpoints
 
 
@@ -60,13 +58,17 @@ MCP provides the following transport types and typical endpoints for remote serv
 
 ## Expose MCP servers in API Management
 
-API Management supports > [!NOTE]
-> Information the user should notice even if skimmingtwo built-in ways to expose MCP servers:
+Azure API Management supports the remote MCP server mode, using native features of API Management and [capabilities of the AI gateway](./genai-gateway-capabilities.md) to manage MCP server endpoints.
+
+> [!NOTE]
+> MCP server support in API Management is in preview. In preview, API Management supports MCP server tools, but doesn't currently support MCP resources or prompts.
+
+API Management provides two built-in ways to expose MCP servers:
 
 | Source                                   | Description                                                                                   |
 |-------------------------------------------|-----------------------------------------------------------------------------------------------|
-| REST API as MCP server                    | Expose any REST API managed in API Management as an MCP server, including REST APIs imported from Azure resources. API operations become MCP tools. [Learn more](export-rest-mcp-server.md). |
-| Existing MCP server                       | Expose an MCP-compatible server (for example, LangChain, LangServe, Logic Apps, Azure Functions) via API Management. [Learn more](expose-existing-mcp-server.md). |
+| REST API as MCP server                    | Expose any REST API managed in API Management as an MCP server, including REST APIs imported from Azure resources. API operations become MCP tools. [Learn more](export-rest-mcp-server.md) |
+| Existing MCP server                       | Expose an MCP-compatible server (for example, LangChain, LangServe, Azure logic app, Azure function app) via API Management. [Learn more](expose-existing-mcp-server.md) |
 
 
 ## Govern MCP servers
@@ -83,21 +85,23 @@ Configure policies such as the following::
 
 ## Secure access to the MCP server
 
-You can secure both inbound access to the MCP server (from an MCP client to API Management) and outbound access (from API Management to the MCP server backend).
+You can secure either or both inbound access to the MCP server (from an MCP client to API Management) and outbound access (from API Management to the MCP server backend).
 
 ### Secure inbound access
 
-One option to secure inbound access is to configure a policy to validate a JSON web token (JWT) generated using an identity provider in the incoming requests. This ensures that only authorized clients can access the MCP server. Use the generic [validate-jwt](validate-jwt-policy.md) policy, or the [validate-azure-ad-token](validate-azure-ad-token-policy.md) policy when using Microsoft Entra ID, to validate the JWT token in the incoming requests. The following is a basic example of validating a Microsoft Entra ID token:
+One option to secure inbound access is to configure a policy to validate a JSON web token (JWT) generated using an identity provider in the incoming requests. This ensures that only authorized clients can access the MCP server. Use the generic [validate-jwt](validate-jwt-policy.md) policy, or the [validate-azure-ad-token](validate-azure-ad-token-policy.md) policy when using Microsoft Entra ID, to validate the JWT token in the incoming requests. 
+
+The following is a basic example of validating a Microsoft Entra ID token presented in an `Authorization` header in the incoming request:
 
 ```xml
-<validate-azure-ad-token header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid."> 
+<validate-azure-ad-token header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">     
     <client-application-ids>
         <application-id>your-client-id</application-id>
     </client-application-ids> 
 </validate-azure-ad-token>
 ```
 
-For more inbound authorization options and samples, see:
+For more inbound authorization options and samples, including using OAuth authorization, see:
 
 * [MCP server authorization with Protected Resource Metadata (PRM) sample](https://github.com/blackchoey/remote-mcp-apim-oauth-prm)
 

articles/api-management/media/export-rest-mcp-server/create-mcp-server.png

@@ -9,15 +9,20 @@ ms.author: danlep
 
 Configure one or more API Management [policies](../articles/api-management/api-management-howto-policies.md) to help manage the MCP server. The policies are applied to all API operations exposed as tools in the MCP server and can be used to control access, authentication, and other aspects of the tools.
 
-For a tutorial on how to configure policies, see [Transform and protect your API](../articles/api-management/transform-api.md).
+Learn more about configuring policies:
+
+* [Policies in API Management](../articles/api-management/api-management-howto-policies.md)
+* [Transform and protect your API](../articles/api-management/transform-api.md)
+* [Set and edit policies](../articles/api-management/set-edit-policies.md)
 
 To configure policies for the MCP server:
+
 1. In the [Azure portal](https://portal.azure.com), navigate to your API Management instance.
     [!INCLUDE [preview-callout-mcp-feature-flag](../articles/api-management/includes/preview/preview-callout-mcp-feature-flag.md)]
 
-1. In the left-hand menu, under **APIs**, select **MCP servers**.
-1. Select the MCP server that you created.
-1. In the left menu, under **Details**, select **Policies**.
+1. In the left-hand menu, under **APIs**, select **MCP Servers**.
+1. Select an MCP server from the list.
+1. In the left menu, under **MCP**, select **Policies**.
 1. In the policy editor, add or edit the policies you want to apply to the MCP server's tools. The policies are defined in XML format. For example, you can add a policy to limit calls to the MCP server's tools (in this example, 5 calls per 30 seconds per client IP address).
 
     ```xml
@@ -41,8 +46,8 @@ To add the MCP server in Visual Studio Code:
 
 1. Use the **MCP: Add Server** command from the Command Palette. 
 1. When prompted, select the server type: **HTTP (HTTP or Server Sent Events)**.
-1. Enter the **URL of the MCP server** in API Management. Example: `https://<apim-service-name>.azure-api.net/<api-name>-mcp/sse` (for SSE endpoint) or `https://<apim-service-name>.azure-api.net/<api-name>-mcp/mcp` (for MCP endpoint)
-1. Enter a **server ID** of your choice.
+1. Enter the **Server URL** of the MCP server in API Management. Example: `https://<apim-service-name>.azure-api.net/<api-name>-mcp/mcp` (for MCP endpoint)
+1. Enter a **Server ID** of your choice.
 1. Select whether to save the configuration to your **workspace settings** or **user settings**. 
     * **Workspace settings** - The server configuration is saved to a `.vscode/mcp.json` file only available in the current workspace.
 
@@ -56,7 +61,7 @@ Add fields to the JSON configuration for settings such as authentication header.
 
 ### Use tools in agent mode
 
-After adding an MCP server, you can use tools in agent mode.
+After adding an MCP server in Visual Studio Code, you can use tools in agent mode.
 
 1. In GitHub Copilot chat, select **Agent** mode and select the **Tools** button to see available tools.
 
@@ -89,7 +94,9 @@ After adding an MCP server, you can use tools in agent mode.
 
 ## Related content
 
-* [Python sample: Secure remote MCP servers using Azure API Management (experimental)](https://github.com/Azure-Samples/remote-mcp-apim-functions-python)
+* [Sample: MCP Servers authorization with Protected Resource Metadata (PRM)](https://github.com/blackchoey/remote-mcp-apim-oauth-prm/)
+
+* [Sample: Secure remote MCP servers using Azure API Management (experimental)](https://github.com/Azure-Samples/remote-mcp-apim-functions-python)
 
 * [MCP client authorization lab](https://github.com/Azure-Samples/AI-Gateway/tree/main/labs/mcp-client-authorization)