# Tool Catalog Registration in Azure AI Foundry

> **Author:** Ozgur Guler | AI Solution Leader, AI Innovation Hub
> **Contact:** [ozgur.guler1@gmail.com](mailto:ozgur.guler1@gmail.com)
> **Copyright 2025 Ozgur Guler. All rights reserved.**

---

## What This Notebook Does

This notebook demonstrates how to **register MCP servers** in **Azure API Center** to create a **private organizational tool catalog** that can be discovered and used by agents in Azure AI Foundry.

### The Key Concept

```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│                              TOOL CATALOG ARCHITECTURE                                      │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│                                                                                            │
│   REGISTER                        DISCOVER                        USE                      │
│   ┌─────────────┐                ┌─────────────┐                ┌─────────────┐           │
│   │             │                │             │                │             │           │
│   │ MCP Server  │ ── Register ─► │ API Center  │ ◄── Browse ─── │  Developer  │           │
│   │ (Logic Apps)│    in API      │ Tool Catalog│    Catalog     │  in Foundry │           │
│   │             │    Center      │             │                │             │           │
│   └─────────────┘                └─────────────┘                └─────────────┘           │
│         │                              │                              │                    │
│         │                              │                              │                    │
│         ▼                              ▼                              ▼                    │
│   ┌─────────────┐                ┌─────────────┐                ┌─────────────┐           │
│   │ ServiceNow  │                │ Governance  │                │   Agent     │           │
│   │ Salesforce  │                │ • Auth      │                │   Builder   │           │
│   │ SAP         │                │ • RBAC      │                │   + Tools   │           │
│   │ SQL Server  │                │ • Versioning│                │             │           │
│   └─────────────┘                └─────────────┘                └─────────────┘           │
│                                                                                            │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```

### Why Tool Catalogs?

| Challenge | Without Catalog | With Tool Catalog |
|-----------|----------------|-------------------|
| **Discovery** | Developers must know MCP URLs | Browse/search in Foundry portal |
| **Governance** | No central control | RBAC, authentication, versioning |
| **Sharing** | Manual URL distribution | Automatic visibility to authorized users |
| **Security** | Each team manages auth | Centralized credential management |
| **Consistency** | Different tools per project | Organization-wide tool standards |

---

## Tool Catalog Types in Foundry

Azure AI Foundry supports multiple tool sources:

### 1. Public Tool Catalog
Microsoft-provided tools available to all Foundry users:
- Bing Web Search
- Code Interpreter
- File Search
- Fabric Data Agent

### 2. Private/Organizational Tool Catalog (This Notebook)
Your organization's MCP servers registered in Azure API Center:
- ServiceNow connectors
- Salesforce integrations
- Custom enterprise APIs
- Internal tools and services

### 3. Custom Tools
Direct MCP endpoint configuration:
- Remote MCP servers
- A2A (Agent-to-Agent) endpoints
- OpenAPI 3.0 specifications

---

## Architecture: API Center as Tool Registry

```
┌─────────────────────────────────────────────────────────────────────────────────────────┐
│                              AZURE API CENTER                                            │
│                        (Private Organizational Tool Catalog)                             │
├─────────────────────────────────────────────────────────────────────────────────────────┤
│                                                                                          │
│  ┌─────────────────────────────────────────────────────────────────────────────────┐    │
│  │                           REGISTERED MCP SERVERS                                 │    │
│  │                                                                                  │    │
│  │  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐                  │    │
│  │  │ servicenow-mcp  │  │ salesforce-mcp  │  │   custom-api    │                  │    │
│  │  │ ─────────────── │  │ ─────────────── │  │ ─────────────── │                  │    │
│  │  │ CreateIncident  │  │ GetContact      │  │ QueryDatabase   │                  │    │
│  │  │ UpdateIncident  │  │ CreateOpp       │  │ RunReport       │                  │    │
│  │  │ GetIncident     │  │ UpdateAccount   │  │ SendNotify      │                  │    │
│  │  └─────────────────┘  └─────────────────┘  └─────────────────┘                  │    │
│  │                                                                                  │    │
│  └─────────────────────────────────────────────────────────────────────────────────┘    │
│                                                                                          │
│  ┌─────────────────────────────────────────────────────────────────────────────────┐    │
│  │                           GOVERNANCE FEATURES                                    │    │
│  │                                                                                  │    │
│  │  ┌────────────────┐  ┌────────────────┐  ┌────────────────┐  ┌────────────────┐ │    │
│  │  │  Authentication │  │  Authorization │  │   Versioning   │  │   Environments │ │    │
│  │  │  ────────────── │  │  ────────────── │  │  ────────────── │  │  ────────────── │ │    │
│  │  │  OAuth 2.0      │  │  RBAC Roles    │  │  v1, v2, v3    │  │  Dev, Staging  │ │    │
│  │  │  API Key        │  │  Data Reader   │  │  Deprecation   │  │  Production    │ │    │
│  │  │  Managed ID     │  │  Contributor   │  │  Lifecycle     │  │  Endpoints     │ │    │
│  │  └────────────────┘  └────────────────┘  └────────────────┘  └────────────────┘ │    │
│  │                                                                                  │    │
│  └─────────────────────────────────────────────────────────────────────────────────┘    │
│                                                                                          │
└─────────────────────────────────────────────────────────────────────────────────────────┘
                                          │
                                          │ Sync to Foundry
                                          ▼
┌─────────────────────────────────────────────────────────────────────────────────────────┐
│                           AZURE AI FOUNDRY PORTAL                                        │
│                                                                                          │
│   Build > Tools > Catalog                                                               │
│   ┌─────────────────────────────────────────────────────────────────────────────────┐   │
│   │  Filter: [Public ▾] [Your-API-Center ▾]                                         │   │
│   │                                                                                  │   │
│   │  ┌────────────┐  ┌────────────┐  ┌────────────┐  ┌────────────┐               │   │
│   │  │ ServiceNow │  │ Salesforce │  │ Custom API │  │ Web Search │               │   │
│   │  │  [Add]     │  │  [Add]     │  │  [Add]     │  │  [Add]     │               │   │
│   │  └────────────┘  └────────────┘  └────────────┘  └────────────┘               │   │
│   └─────────────────────────────────────────────────────────────────────────────────┘   │
│                                                                                          │
└─────────────────────────────────────────────────────────────────────────────────────────┘
```

---

## Prerequisites

### Required Azure Resources

| Resource | Purpose | Notes |
|----------|---------|-------|
| **Azure API Center** | Host the tool catalog | Name becomes catalog name in Foundry |
| **Azure AI Foundry Project** | Agent development | Same subscription as API Center |
| **MCP Server** | Tools to register | Logic Apps, Azure Functions, etc. |

### Required Permissions

| Role | Purpose | Scope |
|------|---------|-------|
| **API Center Contributor** | Register MCP servers | API Center resource |
| **API Center Data Reader** | Discover tools in Foundry | API Center resource (for developers) |

### Authentication Options

| Method | Use Case | Configuration |
|--------|----------|---------------|
| **None** | Public tools | No auth required |
| **API Key** | Simple auth | Configure in API Center > Governance > Authorization |
| **OAuth 2.0** | Enterprise auth | Configure identity provider |
| **Managed Identity** | Azure-to-Azure | System-assigned identity |

---

## Section 1: Install Dependencies

In [None]:
# Install required packages
!pip install azure-ai-projects --pre --quiet
!pip install azure-ai-agents --pre --quiet
!pip install azure-identity azure-mgmt-apicenter python-dotenv --quiet

print("Packages installed successfully")

In [None]:
import os
from dotenv import load_dotenv

load_dotenv("../.env")

# Foundry Configuration
PROJECT_ENDPOINT = os.getenv(
    "PROJECT_ENDPOINT",
    "https://ozgurguler-7212-resource.services.ai.azure.com/api/projects/ozgurguler-7212"
)

# API Center Configuration (for Tool Catalog)
# Note: API Center name becomes the catalog name in Foundry portal
API_CENTER_NAME = os.getenv("API_CENTER_NAME", "enterprise-tool-catalog")
API_CENTER_RESOURCE_GROUP = os.getenv("API_CENTER_RESOURCE_GROUP", "foundry-demo-rg")
SUBSCRIPTION_ID = os.getenv("AZURE_SUBSCRIPTION_ID", "")

# Demo Mode Flag
# Set to False when you have a real API Center with registered MCP servers
USE_DEMO_MODE = True

if USE_DEMO_MODE:
    # Demo mode - use Microsoft Learn MCP server
    MCP_SERVER_URL = "https://learn.microsoft.com/api/mcp"
    MCP_SERVER_LABEL = "microsoft_learn"
    print("Using demo mode (Microsoft Learn MCP Server)")
    print("Set USE_DEMO_MODE = False and configure API Center for production")
else:
    # Production - use MCP server from API Center catalog
    MCP_SERVER_URL = os.getenv(
        "CATALOG_MCP_URL",
        "https://your-logic-app.azurewebsites.net/api/mcpservers/enterprise/mcp"
    )
    MCP_SERVER_LABEL = "catalog_mcp_server"
    print("Using API Center Tool Catalog")

MODEL = os.getenv("MODEL_DEPLOYMENT_NAME", "gpt-5-nano")

print(f"\nConfiguration:")
print(f"  Project: {PROJECT_ENDPOINT}")
print(f"  API Center: {API_CENTER_NAME}")
print(f"  MCP Server: {MCP_SERVER_URL}")
print(f"  Model: {MODEL}")

---

## Section 2: Register MCP Server in API Center

### Registration Methods

| Method | Best For | Steps |
|--------|----------|-------|
| **Azure Portal** | Interactive setup | API Center > MCP > Register |
| **Azure CLI** | Automation | `az apic api register` |
| **REST API** | Programmatic | API Center Management API |
| **Bicep/ARM** | Infrastructure as Code | Template deployment |

### Portal Registration Steps

1. **Open API Center** in Azure Portal
2. Navigate to **Discovery > MCP**
3. Select **Azure Logic Apps** tile
4. Click **Register**
5. Configure MCP server details:
   - Name, description
   - Logic App resource
   - Tools (connector actions)
6. Configure authentication
7. Click **Register** to complete

### Bicep Template Example

```bicep
// API Center resource
resource apiCenter 'Microsoft.ApiCenter/services@2024-03-01' = {
  name: 'enterprise-tool-catalog'
  location: 'eastus'
  properties: {}
}

// Register MCP Server as API
resource mcpServerApi 'Microsoft.ApiCenter/services/apis@2024-03-01' = {
  parent: apiCenter
  name: 'servicenow-mcp'
  properties: {
    title: 'ServiceNow IT Service Management'
    description: 'MCP server for ServiceNow incident management'
    kind: 'mcp'
    contacts: [
      {
        name: 'Platform Team'
        email: 'platform@company.com'
      }
    ]
    customProperties: {
      mcpEndpoint: 'https://logic-app.azurewebsites.net/api/mcpservers/servicenow/mcp'
    }
  }
}

// API Version
resource apiVersion 'Microsoft.ApiCenter/services/apis/versions@2024-03-01' = {
  parent: mcpServerApi
  name: 'v1'
  properties: {
    title: 'v1'
    lifecycleStage: 'production'
  }
}

// Deployment (Environment + Endpoint)
resource apiDeployment 'Microsoft.ApiCenter/services/apis/deployments@2024-03-01' = {
  parent: mcpServerApi
  name: 'production'
  properties: {
    title: 'Production'
    environmentId: '/subscriptions/.../environments/production'
    definitionId: '/subscriptions/.../definitions/mcp-spec'
    server: {
      runtimeUri: [
        'https://logic-app.azurewebsites.net/api/mcpservers/servicenow/mcp'
      ]
    }
  }
}
```

In [None]:
# List registered MCP servers in API Center (requires azure-mgmt-apicenter)
# Note: This is informational - actual registration is done via Portal/CLI/Bicep

from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()

if not USE_DEMO_MODE and SUBSCRIPTION_ID:
    try:
        from azure.mgmt.apicenter import ApiCenterMgmtClient
        
        api_center_client = ApiCenterMgmtClient(
            credential=credential,
            subscription_id=SUBSCRIPTION_ID
        )
        
        # List APIs (MCP servers) in the catalog
        print(f"APIs registered in {API_CENTER_NAME}:")
        print("="*50)
        
        apis = api_center_client.apis.list(
            resource_group_name=API_CENTER_RESOURCE_GROUP,
            service_name=API_CENTER_NAME
        )
        
        for api in apis:
            print(f"\n  {api.name}")
            print(f"    Title: {api.properties.title}")
            print(f"    Kind: {api.properties.kind}")
            print(f"    Description: {api.properties.description or 'N/A'}")
            
    except ImportError:
        print("azure-mgmt-apicenter not installed. Install with: pip install azure-mgmt-apicenter")
    except Exception as e:
        print(f"Could not list APIs: {e}")
        print("\nNote: Ensure you have API Center Contributor or Reader role")
else:
    print("Demo mode - skipping API Center listing")
    print("\nIn production, this would show registered MCP servers:")
    print("  - servicenow-mcp (IT Service Management)")
    print("  - salesforce-mcp (CRM Operations)")
    print("  - custom-api-mcp (Internal Tools)")

---

## Section 3: Configure Access to Tool Catalog

### Role Assignments for Tool Catalog Access

For developers to see MCP servers in the Foundry tool catalog, they need the **Azure API Center Data Reader** role (or equivalent).

```bash
# Grant Data Reader role to a user
az role assignment create \
  --role "Azure API Center Data Reader" \
  --assignee "user@company.com" \
  --scope "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ApiCenter/services/{api-center}"

# Grant Data Reader role to a group
az role assignment create \
  --role "Azure API Center Data Reader" \
  --assignee-object-id "{group-object-id}" \
  --scope "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ApiCenter/services/{api-center}"
```

### API Center Roles

| Role | Permissions | Use Case |
|------|-------------|----------|
| **API Center Contributor** | Full CRUD on APIs | Platform team |
| **API Center Data Reader** | Read APIs, discover tools | Developers |
| **API Center Service Reader** | Read service config | Monitoring |

### Configure Authentication for MCP Servers

If your MCP servers require authentication:

1. Navigate to **API Center > Governance > Authorization**
2. Click **Add configuration**
3. Select authorization type:
   - **API Key**: Simple key-based auth
   - **OAuth 2.0**: Client credentials or auth code flow
   - **Managed Identity**: Azure-to-Azure auth
4. Configure credentials
5. Link to specific APIs

In [None]:
# Configure authentication for API Center (example with Azure CLI)
# This is informational - run these commands in your terminal

auth_commands = """
# 1. Grant Data Reader role to developers
az role assignment create \\
  --role "Azure API Center Data Reader" \\
  --assignee "developers@company.com" \\
  --scope "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ApiCenter/services/{api-center}"

# 2. Configure API Key authentication for an MCP server
az apic authorization create \\
  --resource-group {rg} \\
  --service-name {api-center} \\
  --authorization-id servicenow-auth \\
  --authorization-type apikey \\
  --parameter-name x-functions-key \\
  --parameter-location header

# 3. Link authorization to API
az apic api update \\
  --resource-group {rg} \\
  --service-name {api-center} \\
  --api-id servicenow-mcp \\
  --set properties.authorizationId=servicenow-auth
"""

print("Azure CLI commands for API Center configuration:")
print("="*50)
print(auth_commands)

---

## Section 4: Use Tools from Catalog in Agent

### How Developers Access the Tool Catalog

1. Open **Azure AI Foundry Portal**
2. Navigate to **Build > Tools** or open **Agent Builder**
3. Click **Catalog** tab
4. Filter by your API Center name (organizational catalog)
5. Browse available MCP servers
6. Click **Add** to attach to your agent

### Programmatic Access

Once an MCP server is in the catalog, you can use it programmatically:

In [None]:
from azure.ai.projects import AIProjectClient
from azure.ai.projects.models import PromptAgentDefinition
from azure.ai.agents.models import McpTool

# Initialize client
client = AIProjectClient(
    endpoint=PROJECT_ENDPOINT,
    credential=credential
)

# Configure MCP tool from catalog
# In production, this URL comes from the API Center catalog
catalog_mcp_tool = McpTool(
    server_label=MCP_SERVER_LABEL.replace("-", "_"),
    server_url=MCP_SERVER_URL,
    allowed_tools=[],  # Empty = all tools from server
)

print(f"MCP Tool from Catalog:")
print(f"  Label: {MCP_SERVER_LABEL}")
print(f"  URL: {MCP_SERVER_URL}")

In [None]:
# Create agent using tools from the catalog

if USE_DEMO_MODE:
    AGENT_INSTRUCTIONS = """You are a helpful assistant with access to Microsoft Learn documentation.

When asked questions:
1. Use available tools to search for relevant information
2. Provide accurate answers based on documentation
3. Cite sources when possible

This is a demo showing the tool catalog pattern."""
else:
    AGENT_INSTRUCTIONS = """You are an enterprise assistant with access to organizational tools from the tool catalog.

Available tools are registered in your organization's API Center and include:
- IT Service Management (ServiceNow)
- CRM Operations (Salesforce)
- Custom enterprise integrations

When asked to perform actions:
1. Identify the appropriate tool from the catalog
2. Execute the tool with proper parameters
3. Report results to the user"""

AGENT_NAME = "catalog-tools-agent"

try:
    agent = client.agents.create_version(
        agent_name=AGENT_NAME,
        definition=PromptAgentDefinition(
            model=MODEL,
            instructions=AGENT_INSTRUCTIONS,
            tools=catalog_mcp_tool.definitions,
        )
    )
    print(f"Created agent: {agent.name}")
    print(f"  Version: {agent.version}")
    print(f"  Tools from: {'Demo MCP' if USE_DEMO_MODE else 'API Center Catalog'}")
except Exception as e:
    print(f"Error creating agent: {e}")
    agent = None

In [None]:
# Test agent with catalog tools

openai_client = client.get_openai_client()

def invoke_catalog_agent(user_input: str, agent_name: str) -> str:
    """Invoke agent using tools from the catalog."""
    print(f"\n{'='*60}")
    print(f"User: {user_input}")
    print("="*60)
    
    try:
        conversation = openai_client.conversations.create()
        
        response = openai_client.responses.create(
            input=user_input,
            conversation=conversation.id,
            extra_body={"agent": {"name": agent_name, "type": "agent_reference"}},
        )
        
        print(f"\nStatus: {response.status}")
        print(f"\nAgent Response:\n{response.output_text}")
        
        return response.output_text
        
    except Exception as e:
        print(f"\nError: {e}")
        return None

# Test the agent
if agent:
    if USE_DEMO_MODE:
        result = invoke_catalog_agent(
            "How do I register an MCP server in Azure API Center?",
            agent.name
        )
    else:
        result = invoke_catalog_agent(
            "Create a support ticket for VPN connection issues",
            agent.name
        )
else:
    print("Agent not available")

In [None]:
# Optional: Cleanup agent
DELETE_AGENT = False  # Set to True to delete

if DELETE_AGENT and agent:
    try:
        client.agents.delete(agent_name=AGENT_NAME)
        print(f"Deleted agent: {AGENT_NAME}")
    except Exception as e:
        print(f"Note: {e}")
else:
    print(f"Agent cleanup skipped")

---

## Section 5: API Center Portal for Tool Discovery

### Accessing the API Center Portal

The API Center Portal is an Azure-managed website where developers can browse and discover registered APIs/MCP servers.

**Portal URL Format:**
```
https://<api-center-name>.<region>.azure-apicenter.ms
```

**Example:**
```
https://enterprise-tool-catalog.eastus.azure-apicenter.ms
```

### Setting Up the Portal

1. Navigate to **API Center > API Center portal > Settings**
2. Click **View API Center portal**
3. Sign in with your Azure account
4. Browse available MCP servers

### Portal Features

| Feature | Description |
|---------|-------------|
| **API Catalog** | Browse all registered APIs/MCP servers |
| **Search** | Find APIs by name, description, tags |
| **Versions** | View available versions and lifecycle stages |
| **Endpoints** | Copy MCP endpoint URLs |
| **Documentation** | View API documentation and specs |
| **Environments** | See dev, staging, production deployments |

---

## Summary: Tool Catalog Registration

### What We Demonstrated

```
┌─────────────────────────────────────────────────────────────────────────────────┐
│                    TOOL CATALOG REGISTRATION WORKFLOW                            │
├─────────────────────────────────────────────────────────────────────────────────┤
│                                                                                  │
│  1. CREATE API CENTER              2. REGISTER MCP SERVERS                       │
│  ┌─────────────────────┐           ┌─────────────────────┐                      │
│  │ Azure API Center    │           │ Portal / CLI / Bicep │                      │
│  │ (Tool Catalog)      │ ◄──────── │ Registration         │                      │
│  └─────────────────────┘           └─────────────────────┘                      │
│           │                                                                      │
│           │                                                                      │
│           ▼                                                                      │
│  3. CONFIGURE ACCESS               4. DISCOVER IN FOUNDRY                        │
│  ┌─────────────────────┐           ┌─────────────────────┐                      │
│  │ RBAC Roles          │           │ Build > Tools >     │                      │
│  │ Authentication      │ ────────► │ Catalog > Add       │                      │
│  └─────────────────────┘           └─────────────────────┘                      │
│           │                                  │                                   │
│           │                                  │                                   │
│           ▼                                  ▼                                   │
│  5. USE IN AGENTS                                                                │
│  ┌──────────────────────────────────────────────────────────────────────────┐   │
│  │ Agent with tools from organizational catalog                              │   │
│  │ - Governed access                                                         │   │
│  │ - Consistent tooling across projects                                      │   │
│  │ - Centralized management                                                  │   │
│  └──────────────────────────────────────────────────────────────────────────┘   │
│                                                                                  │
└─────────────────────────────────────────────────────────────────────────────────┘
```

### Implementation Checklist

| Step | Action | Status |
|------|--------|--------|
| 1 | Create Azure API Center | [ ] |
| 2 | Register MCP servers as APIs | [ ] |
| 3 | Configure authentication | [ ] |
| 4 | Assign Data Reader role to developers | [ ] |
| 5 | Verify tools appear in Foundry catalog | [ ] |
| 6 | Test agent with catalog tools | [ ] |

### Tool Catalog Benefits

| Benefit | Description |
|---------|-------------|
| **Centralized Discovery** | All tools in one place |
| **Governance** | RBAC, versioning, lifecycle management |
| **Consistency** | Same tools across all projects |
| **Security** | Centralized credential management |
| **Discoverability** | Search, filter, documentation |
| **Compliance** | Audit trail, access control |

### Key Resources

| Resource | URL |
|----------|-----|
| API Center Documentation | https://learn.microsoft.com/azure/api-center |
| Foundry Tool Catalog | https://learn.microsoft.com/azure/ai-foundry/tools |
| MCP Server Registration | Portal: API Center > Discovery > MCP |

---

## Next Steps

1. **Create API Center** in your subscription
2. **Register your MCP servers** via Portal or Bicep
3. **Configure RBAC** for your development teams
4. **Verify in Foundry** that tools appear in the catalog
5. **Build agents** using tools from the organizational catalog

Continue to `../11-logic-apps-invoke-agent-a2a` for agent-to-agent communication.

---

<div align="center">

## License & Attribution

This notebook is part of the **Azure AI Foundry Demo Repository**

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](../LICENSE)

**Original Author:** Ozgur Guler | AI Solution Leader, AI Innovation Hub

**Contact:** [ozgur.guler1@gmail.com](mailto:ozgur.guler1@gmail.com)

---

*If you use, modify, or distribute this work, you must provide appropriate credit to the original author as required by the [Apache License 2.0](../LICENSE).*

**Copyright 2025 Ozgur Guler. All rights reserved.**

</div>