/
Model Context Protocol (MCP)

Model Context Protocol (MCP)

Last topic, and it's a big one: Model Context Protocol, or MCP.

The idea is simple: by default, Copilot comes with a set of built-in tools. MCP is how you add more tools to that toolbox. It's a standard interface that lets you connect Copilot to pretty much anything — external APIs, databases, cloud services, third-party platforms, whatever you can think of.

Installing an MCP Server

The easiest way to get started is through the built-in marketplace. Here's how:

  1. Click the gear icon at the top of the chat window to open chat settings

  1. Go to the MCP Servers section

  1. Browse the marketplace and find a server you want to use — there are pre-built ones for all kinds of services

Click on the list item for install options. Clicking the “Install” button installs it globally by default
“Install in Workspace” adds the configuration to your open project

  1. Choose to install it globally (available in all projects) or in your workspace (added to .vscode/mcp.json in your current project)

  1. Start the server and authenticate if needed.

    1. Different MCPs will have different authentication strategies. Sometimes you’ll need an auth token, other times you can login via OAuth flows in the browser. VS Code should provide help here for MCP servers in the marketplace.

Once it's running, open the tools panel and you'll see all the new tools from that MCP server listed alongside the built-in ones.

Figma MCP’s tools

One thing worth doing: look through the new tools and uncheck any you don't need. Some MCP servers expose a lot of capabilities, and you may not want Copilot to have access to all of them.

Note: You can configure your installed MCP servers from that settings. Just right click on the server and a list of options will appear.

Using an MCP Tool

Using an MCP tool works just like using any other Copilot tool. You can reference it with # or just describe what you want and Copilot will figure it out.

For example, with the Figma MCP installed, you can paste in a link to a Figma design and ask Copilot to read it. Copilot will call the Figma MCP, get the design info, and then be able to reason about it and write code based on it — same idea as when we used the fetch tool to look up the color palette, just now we have a Figma-specific tool that knows how to talk to Figma properly.

A Note on Security

MCP servers can expose some pretty powerful tools — and it's worth being thoughtful about what you give the agent access to.

Take an MCP server for a project management platform as an example. It might expose tools that let the agent create or edit issues, leave comments, or access sensitive project data — all authenticated under your personal account. The agent doesn't necessarily have full context about the downstream effects of using a tool; it'll just use whatever's available when it thinks it's appropriate.

A good default approach is deny by default: when you install a new MCP server, uncheck all the tools it exposes, then only enable the specific ones you actually need for the task at hand. This keeps the agent's access surface small and reduces the risk of unintended actions.

Turn all tools off and only enable the ones you specifically need

On authentication tokens: some MCP servers require an API key or personal access token. Don't paste these directly into mcp.json — especially if that file is checked into source control. VS Code has built-in support for input variables, which lets you reference secrets securely without hardcoding them into your config file.

Next Steps

Now it's your turn — in the final exercise, you'll install and configure an MCP server of your choice and use it in a real chat.

✏️ Exercise 2 - Connect an MCP Server