AI agents should not use MCP server tools without review
Description
Checks all Copilot Studio agents for Model Context Protocol (MCP) server tool integrations. MCP tools extend agents with arbitrary external capabilities and may introduce supply chain risks if the MCP server is compromised or untrusted.
How to fix
Review all MCP server integrations in the flagged agents. Ensure each MCP server endpoint is owned by your organization or a trusted partner, is hosted on infrastructure you control, and uses HTTPS with proper authentication. Consider replacing MCP tools with Power Platform custom connectors that provide DLP policy enforcement and governance controls.
Learn more: Use MCP servers in Copilot Studio
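One way to triage the endpoints during that review, as an added example that is not part of Maester or of this test: the script flags MCP server URLs that are not HTTPS, are not on a trusted-host list, or embed credentials. The inventory shape, the host names and the `Test-McpEndpoint` function are hypothetical, and the script does not verify how the server authenticates callers.

```powershell
# Constructed sample inventory: agent name and MCP endpoint URL per flagged agent.
# (Hypothetical shape; this is not the Dataverse schema or Maester output.)
$inventory = @(
    [pscustomobject]@{ Agent = 'HR Helper';    McpUrl = 'https://mcp.contoso.example/api/mcp' }
    [pscustomobject]@{ Agent = 'Sales Bot';    McpUrl = 'http://mcp.contoso.example/api/mcp' }
    [pscustomobject]@{ Agent = 'IT Assistant'; McpUrl = 'https://tools.thirdparty.example/mcp' }
    [pscustomobject]@{ Agent = 'Legacy Agent'; McpUrl = 'not a url' }
)

# Hosts owned by the organization or an approved partner (assumption: kept by the reviewer).
$trustedHosts = @('mcp.contoso.example', 'partner-mcp.fabrikam.example')

function Test-McpEndpoint {
    param(
        [Parameter(Mandatory)] [string]   $Url,
        [Parameter(Mandatory)] [string[]] $TrustedHosts
    )
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref] $uri)) {
        return 'Endpoint is not a valid absolute URL'
    }
    $findings = @()
    if ($uri.Scheme -ne 'https') { $findings += "Scheme is '$($uri.Scheme)', expected https" }
    # Exact host comparison: a suffix or wildcard match would also accept look-alike hosts.
    if ($TrustedHosts -notcontains $uri.Host) { $findings += "Host '$($uri.Host)' is not on the trusted list" }
    if ($uri.UserInfo) { $findings += 'URL embeds credentials' }
    return $findings
}

# Build one report row per agent; any finding marks the integration for manual review.
$report = foreach ($item in $inventory) {
    $findings = @(Test-McpEndpoint -Url $item.McpUrl -TrustedHosts $trustedHosts)
    [pscustomobject]@{
        Agent    = $item.Agent
        McpUrl   = $item.McpUrl
        Status   = if ($findings.Count -eq 0) { 'OK' } else { 'Review' }
        Findings = $findings -join '; '
    }
}
$report | Format-Table -AutoSize -Wrap
```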
Prerequisites
This test evaluates Copilot Studio agent configurations via the Dataverse API.
Connect-Maester -Service Graph,Dataverse