Skip to main content

Grant-MsIdMcpServerPermission

SYNOPSIS

Grants delegated permissions to MCP clients for the Microsoft MCP Server for Enterprise.

SYNTAX

PredefinedClients (Default)

Grant-MsIdMcpServerPermission [-MCPClient <String[]>] [-Scopes <String[]>] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

PredefinedClientsScopes

Grant-MsIdMcpServerPermission -MCPClient <String[]> -Scopes <String[]> [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

CustomClientsScopes

Grant-MsIdMcpServerPermission -MCPClientServicePrincipalId <String[]> -Scopes <String[]>
 [-ProgressAction <ActionPreference>] [<CommonParameters>]

CustomClients

Grant-MsIdMcpServerPermission -MCPClientServicePrincipalId <String[]> [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

DESCRIPTION

This cmdlet grants OAuth2 delegated permissions to MCP clients (like VS Code or Visual Studio) to access the Microsoft MCP Server for Enterprise. You can specify predefined clients or provide custom MCP client app IDs.

EXAMPLES

EXAMPLE 1

Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Grant-MsIdMcpServerPermission
Grants all available permissions to Visual Studio Code (default MCP client if none specified).

EXAMPLE 2

Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Grant-MsIdMcpServerPermission -MCPClient 'VisualStudioCode'
Grants all available permissions to Visual Studio Code.

EXAMPLE 3

Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Grant-MsIdMcpServerPermission -MCPClient 'VisualStudio', 'VisualStudioCode'
Grants all available permissions to Visual Studio and Visual Studio Code.

EXAMPLE 4

Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Grant-MsIdMcpServerPermission -MCPClientServicePrincipalId '12345678-1234-1234-1234-123456789012'
Grants all available permissions to a custom MCP client using its service principal ID.

EXAMPLE 5

Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Grant-MsIdMcpServerPermission -MCPClient 'VisualStudioCode' -Scopes 'MCP.User.Read.All', 'MCP.Group.Read.All'
Grant specific permissions to Visual Studio Code.

EXAMPLE 6

Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Grant-MsIdMcpServerPermission -MCPClient 'VisualStudioMSAL' -Scopes 'MCP.User.Read.All'
Grants specific permissions to Visual Studio MSAL client.

EXAMPLE 7

Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Grant-MsIdMcpServerPermission -MCPClientServicePrincipalId '12345678-1234-1234-1234-123456789012' -Scopes 'MCP.User.Read.All'
Grants specific permissions to a custom MCP client.

PARAMETERS

-MCPClient

Specifies the Visual Studio client(s) to grant permissions to. Can be one or more of: 'VisualStudioCode', 'VisualStudio', 'VisualStudioMSAL'. Either this parameter or MCPClientServicePrincipalId must be specified.

Type: String[]
Parameter Sets: PredefinedClients
Aliases:

Required: False
Position: Named
Default value: @('VisualStudioCode')
Accept pipeline input: False
Accept wildcard characters: False
Type: String[]
Parameter Sets: PredefinedClientsScopes
Aliases:

Required: True
Position: Named
Default value: @('VisualStudioCode')
Accept pipeline input: False
Accept wildcard characters: False

-MCPClientServicePrincipalId

The service principal ID(s) of custom MCP client(s) to grant permissions to. Must be valid GUID format(s). Either this parameter or MCPClient must be specified.

Type: String[]
Parameter Sets: CustomClientsScopes, CustomClients
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Scopes

Specific scopes to grant. If not specified, all available scopes are granted.

Type: String[]
Parameter Sets: PredefinedClients
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Type: String[]
Parameter Sets: PredefinedClientsScopes, CustomClientsScopes
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ProgressAction

{{ Fill ProgressAction Description }}

Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES