Custom Servers FAQs

Question 1

What are Custom Servers for?

Accepted Answer

Custom Servers provide Model Context Protocol (MCP) integrations to extend security operations capabilities, like incident triage and threat hunting, to AI platforms such as Microsoft Copilot Studio and VS Code.

Question 2

What security operations capabilities do Custom Servers enable?

Accepted Answer

Currently, they support incident triage and threat hunting via the Microsoft Graph Security API, with future plans for Defender for Endpoint, response actions, and Entra identity investigations.

Question 3

How do Custom Servers handle user authentication and security?

Accepted Answer

They use a secure token passthrough mechanism, forwarding the user's OAuth token directly to underlying APIs. This means zero credentials are stored, and all actions respect the user's RBAC permissions.

Question 4

Can Custom Servers be used across different organizational tenants?

Accepted Answer

Yes, they are designed to be tenant-agnostic. A single deployment can be used by multiple tenants, with each tenant creating its own App Registration pointing to the shared server.

Question 5

Why use Custom Servers instead of official Microsoft MCP tools?

Accepted Answer

Official MCP tools for certain security functions (e.g., Triage & Hunting) are often blocked in platforms like Copilot Studio due to app identity allowlists. Custom Servers bypass these limitations by calling underlying APIs directly.

Custom Servers

Custom Servers

Key Features

Use Cases

Key Features

Use Cases