Azure Logic Apps Standard Enters MCP Public Preview — Expose Connectors as Agent Tools

September 22, 2025 · 3 min

What this preview does

Microsoft now allows Azure Logic Apps (Standard) to operate as Model Context Protocol (MCP) servers in public preview. That lets you surface HTTP Request/Response workflows as discoverable, callable agent tools for MCP-capable clients (for example VS Code + Copilot).

What’s included

Remote MCP server on Logic Apps (Standard): configure a Standard logic app to host an MCP endpoint at /api/mcp and expose workflows triggered by HTTP Request with a Response action as tools. Authentication is handled via Easy Auth and MCP endpoints default to OAuth 2.0. VS Code (≥1.102) includes GA MCP client support for testing.
API Center registration (preview): you can create and register MCP servers in Azure API Center so selected managed connector actions become cataloged and governed tools.

Reference: https://learn.microsoft.com/en-us/azure/logic-apps/set-up-model-context-protocol-server-standard

Key requirements and transport details

Workflow shape: tools must be implemented as an HTTP Request trigger (“When a HTTP request is received”) plus a Response action.
Auth & access control: default MCP auth is OAuth 2.0; Easy Auth enforces client/identity/tenant restrictions. During setup, App Service authentication must allow unauthenticated requests (the MCP flow still performs OAuth).
Transports: streamable HTTP works out of the box. Server-Sent Events (SSE) requires VNET integration and setting Runtime.Backend.EdgeWorkflowRuntimeTriggerListener.AllowCrossWorkerCommunication=true in host.json.
Enablement switch: enable MCP APIs by adding extensions.workflow.McpServerEndpoints.enable=true to host.json.

API Center path: preview limits to note

When creating MCP servers via API Center backed by Logic Apps, the preview imposes these constraints:

Start with an empty Standard logic app resource.
One connector per MCP server.
Built-in service-provider and custom connectors aren’t supported in this path (managed connectors only).
One action per tool. These limitations influence how you design tool granularity and server layout at scale.

Why target Standard runtime?

Logic Apps (Standard) runs on the single-tenant runtime (on Azure Functions), supports multiple workflows per app, and integrates with virtual networks and private endpoints. These characteristics make it better suited for exposing private systems safely to agents and for predictable throughput/latency. By contrast, Consumption is multitenant, single-workflow per app, and pay-per-execution.

Tooling semantics and discoverability

Microsoft recommends adding trigger descriptions, parameter schemas/descriptions, and required markers so MCP clients can more reliably select and call tools. These annotations are read by MCP clients and influence invocation behavior.

Connectors and enterprise reach

Organizations can expose existing workflows and many Logic Apps connectors (cloud and on-prem) through MCP — Microsoft cites more than 1,400 connectors — turning them into callable agent tools.

Operations, governance, and testing

Run history plus Application Insights and Log Analytics remain available for diagnostics and audits. VS Code supports quick client validation via MCP: adding a server includes OAuth sign-in and tool enumeration. Registering MCP servers in API Center adds discovery and governance across teams.

Production notes from the preview

SSE requires both VNET integration and the cross-worker setting; otherwise use streamable HTTP.
Easy Auth must be configured precisely, including the “allow unauthenticated” toggle, or client sign-in flows will fail despite OAuth expectations.
Throttling, idempotency, and schema versioning are still the developer’s responsibility when wrapping connectors as tools — these are operational concerns to account for during rollout.

Teams already using Logic Apps can adopt this preview as a relatively low-friction, standards-aligned way to operationalize agent tooling for enterprise systems, while watching for API Center limits, SSE prerequisites, and Easy Auth nuances.