If you’re trying to add a custom Sentinel MCP tool to an agent in Azure AI Foundry and you’re running into some trouble, you’re not alone. Here’s a simple guide to help you understand the issue and find a workaround.
First, you need to set up your remote MCP server endpoint, which might look like this:
https://sentinel.microsoft.com/mcp/custom/<collection-name>
For authentication, you want to use OAuth Identity Passthrough, with an authorization URL like:
https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
And a token URL similar to:
https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
Your scope will be something like:
<your-scope>/.default
Now, the problem most users face is with the Refresh URL field. If you type the same token endpoint URL into the Refresh URL box, the connection creation tends to fail. However, if you leave the Refresh URL field blank, the connection is created successfully, but it doesn’t generate an OAuth redirect URL.
When inspecting the network response during this process in Chrome DevTools, you’ll see the response contains "redirectUrl": null. Despite this, you’ll end up with a Project connection ID, so the connection technically exists, but the redirect URL isn’t generated or shown.
According to the documentation, clicking the Connect button should generate a redirect URL you can copy into your app registration. But what you observe is different:
- When you fill out the Refresh URL field, the process fails.
- When you leave it blank, the connection is made, but the redirect URL isn’t provided, staying null.
So, your main questions are:
- Is this a known issue or a limitation in Azure AI Foundry?
- Should you just leave the Refresh URL blank as a workaround?
- If you do that, why is the redirect URL still null?
- Are there other fields or permissions you might need to ensure the redirect URL gets generated?
Most likely, this behavior points to a preview or incomplete feature that hasn’t fully matured yet. Currently, the best approach is to leave the Refresh URL blank during setup, even though the redirect URL isn’t shown. Keep in mind that even when the permissions in your Entra app registration are already delegated correctly and you can confirm the tool is saved with a valid Project connection ID, the redirect URL won’t appear until these issues are resolved.
If this is a persistent problem, stay tuned for updates from Microsoft, as they often address these kinds of challenges in upcoming releases. In the meantime, leaving the Refresh URL blank seems to be the safest workaround.
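A pre-flight check for the fields above, as an added example that is not part of the original guide or of any Microsoft tooling: it verifies that the authorization and token URLs follow the v2.0 form for the same tenant, that the scope ends in /.default and that the Refresh URL is blank, then tests a saved creation response for the null redirectUrl. The dictionary keys, function names and sample values are assumptions made for this example.

```python
import json
import re
from urllib.parse import urlparse

# Path shape of the v2.0 endpoints quoted in the guide; rejects unfilled <placeholders>.
_ENDPOINT = re.compile(r"^/([^/<>]+)/oauth2/v2\.0/(authorize|token)$")


def _tenant(url, kind, findings):
    """Return the tenant segment of an authorize/token URL, recording problems."""
    parts = urlparse(url)
    match = _ENDPOINT.match(parts.path)
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        findings.append(f"{kind} URL is not an https login.microsoftonline.com endpoint")
    if not match or match.group(2) != kind:
        findings.append(f"{kind} URL is not /<tenant-id>/oauth2/v2.0/{kind} with a real tenant")
        return None
    return match.group(1)


def check_connection_fields(fields):
    """Validate the OAuth Identity Passthrough values before clicking Connect."""
    findings = []
    auth_tenant = _tenant(fields["authorization_url"], "authorize", findings)
    token_tenant = _tenant(fields["token_url"], "token", findings)
    if auth_tenant and token_tenant and auth_tenant != token_tenant:
        findings.append("authorization and token URLs name different tenants")
    if not fields["scope"].endswith("/.default"):
        findings.append("scope does not end in /.default")
    if fields.get("refresh_url"):
        findings.append("Refresh URL is set; the guide reports creation fails, leave it blank")
    return findings


def redirect_url_missing(response_body):
    """True when the creation response carries "redirectUrl": null or omits the key."""
    return json.loads(response_body).get("redirectUrl") is None


# Constructed sample values: the all-zero tenant GUID and the scope are illustrative only.
_BASE = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0"
SAMPLE = {
    "authorization_url": _BASE + "/authorize",
    "token_url": _BASE + "/token",
    "scope": "api://example-app/.default",
    "refresh_url": "",  # blank, per the workaround in the guide
}

if __name__ == "__main__":
    print(check_connection_fields(SAMPLE))
    print(redirect_url_missing('{"redirectUrl": null}'))
```

An empty findings list together with a missing redirect URL means the field values match the form the guide describes and the null redirectUrl is the behaviour discussed above rather than a typo.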





