Stop Using Admin Accounts: Production-Ready User-Context MCP Servers for Copilot Studio (OAuth OBO)

Imagine your Copilot Studio agent seamlessly managing a user’s Microsoft To Do tasks—not with hardcoded credentials or service accounts, but with the actual user’s permissions, maintaining full security and compliance throughout the entire call chain.

This session reveals how to build production-ready Model Context Protocol (MCP) servers that integrate with Microsoft Copilot Studio using the OAuth 2.0 On-Behalf-Of (OBO) flow. You’ll discover the complete architecture for preserving user context from Copilot Studio → MCP Server → Azure Functions → Microsoft Graph.

What You’ll Learn:

  • The “why” behind MCP servers vs traditional connectors, and when each approach makes sense

  • How to implement the complete OAuth OBO token chain with delegated permissions (no shortcuts!)

  • Architecture patterns: separating your MCP interface from business logic using Azure Functions

  • Real-world implementation: A fully working Microsoft To Do agent with user-scoped access

  • Security best practices: token validation, scope checking, and maintaining user context end-to-end

  • Live demonstration: Connecting your local MCP server to Copilot Studio using secure tunnelling

The Outcome:

Walk away with a reusable architectural blueprint for building secure, scalable MCP servers that respect user identity and permissions—perfect for enterprise scenarios where “run as admin” isn’t an option.

Whether you’re extending Copilot Studio with internal APIs or building your own MCP ecosystem, this session gives you the practical knowledge to do it right.
