MCP server: Deployment experience server authentication prompt #4751

@lilyjma

Ask summary

When customers run the Azure Functions: Deploy to Function app or Azure Functions: Deploy to Azure command, detect whether the app is an MCP server, and if yes, add the following prompt:

Select how to authenticate to MCP server

  • Built-in authentication
    • Description: Secure access through Easy Auth, which implements requirements in the MCP authentication spec
  • Access key
    • Description: Secure access with x-functions-key header that requires Function app keys.
  • Anonymous
    • Description: Unsecured endpoint. Only use if your MCP server is meant for unauthenticated consumption.

How to tell if an app is an MCP server

There are two flavors of MCP servers that can be hosted on Functions:

  1. Self-hosted MCP servers: these are servers built with the official MCP SDKs
    • To tell if an app is a self-hosted MCP server, look inside the host.json for a property called configurationProfile with value mcp-custom-handler.
  2. MCP extension servers: these are servers built with the Functions MCP extension and follow the Functions programming model.
    • To tell if an app is an MCP extension server, look inside the source code for a generic trigger of type mcpToolTrigger.

Auth selections

If selected Built-in authentication

  • For self-hosted MCP servers, first set customHandler.http.defaultAuthorizationLevel to Anonymous
  • Create an Entra app registration with Microsoft as identity provider and VSCode as allowedApplications in the registration.
  • Add and enable scope api://<entra app id>/user_impersonation that admins and users can consent to
  • In Entra app, make VSCode an authorized client application
  • Add an app setting called WEBSITE_AUTH_PRM_DEFAULT_WITH_SCOPES with value api://<entra app client id>/username_impersonation

If selected Access key

  • Do nothing. This is the default for Function apps

If selected Anonymous

  • For self-hosted MCP servers, set customHandler.http.defaultAuthorizationLevel to Anonymous
  • For MCP trigger servers, set authLevel to Anonymous

Other requirements

  • This new prompt shows only for the first time the server is deployed.
    • Later deployments don't show this prompt again since customers would have already indicated preference.
    • If the server was already deployed previously, i.e. before this new prompt was introduced, direct customers to the existing experience.
  • If the customer goes through the Create new function app flow as part of deployment, show this new prompt after the last prompt in the create flow today ("Select resource authentication type")

E2E flow summary

  1. Customers run the Azure Functions: Deploy to Function app or Azure Functions: Deploy to Azure
  2. Select function app or Create new function app (existing prompt today)

If the customer selects function app
3. --> This ask: Select how to authenticate to MCP server
4. Prompt about connecting to remote server in VSCode workspace (new ask - see issue)
5. Pop up to confirm deployment (exists today)

If the customer selects Create new function app
3. Enter app name (existing prompt)
4. Select location for new resources (existing prompt)
5. Select run time stack (existing prompt)
6. Select resource authentication type (existing prompt)
7. --> This ask: Select how to authenticate to MCP server
8. Prompt about connecting to remote server in VSCode workspace (new ask - see issue)
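
The detection rules under "How to tell if an app is an MCP server", sketched as an added example that is not part of the issue or the extension's code. It also reports whether the project is already configured for anonymous access through the two settings the issue names. Assumptions: `detectMcpServer` and `McpDetection` are hypothetical names, the project is passed as an in-memory path-to-text map, `configurationProfile` is read at the top level of host.json, the trigger is found by substring match, and the sample files are constructed.

```typescript
// Added example; detectMcpServer and McpDetection are hypothetical names.
type McpKind = "self-hosted" | "extension" | "none";
interface McpDetection { kind: McpKind; anonymous: boolean; evidence: string[]; }

// files: project-relative path -> file text (in-memory so this runs offline).
function detectMcpServer(files: Record<string, string>): McpDetection {
  const evidence: string[] = [];
  const hostText = files["host.json"];
  if (hostText !== undefined) {
    let host: any = null;
    try {
      host = JSON.parse(hostText);
    } catch (_err) {
      evidence.push("host.json: invalid JSON, ignored");
    }
    // Assumption: configurationProfile is a top-level host.json property.
    if (host && host.configurationProfile === "mcp-custom-handler") {
      const level = host.customHandler?.http?.defaultAuthorizationLevel;
      evidence.push("host.json: configurationProfile=mcp-custom-handler");
      const anonymous = typeof level === "string" && level.toLowerCase() === "anonymous";
      return { kind: "self-hosted", anonymous, evidence };
    }
  }
  // Extension servers: plain substring scan for the trigger type (assumption).
  let found = false;
  let anonymous = false;
  for (const path of Object.keys(files)) {
    const text = files[path] ?? "";
    if (path === "host.json" || text.indexOf("mcpToolTrigger") === -1) continue;
    found = true;
    evidence.push(path + ": mcpToolTrigger");
    if (/authLevel["']?\s*[:=]\s*["']anonymous["']/i.test(text)) anonymous = true;
  }
  return { kind: found ? "extension" : "none", anonymous, evidence };
}

// Constructed sample projects, not taken from any real app.
const selfHostedSample: Record<string, string> = {
  "host.json": JSON.stringify({
    version: "2.0",
    configurationProfile: "mcp-custom-handler",
    customHandler: { http: { defaultAuthorizationLevel: "Anonymous" } },
  }),
};
const extensionSample: Record<string, string> = {
  "host.json": '{"version":"2.0"}',
  "HelloTool/function.json":
    '{"bindings":[{"type":"mcpToolTrigger","direction":"in","name":"context"}]}',
};
```

A result with `anonymous` set to true corresponds to the option the issue describes as an unsecured endpoint.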
