top of page
Search

MCP Server in Dynamics 365 Business Central: What It Is and What It Means for Your Team

The Business Central MCP server connects AI clients to your Business Central environment through a standardised interface called the Model Context Protocol. Any MCP-compatible client, such as Copilot Studio, GitHub Copilot, or a third-party tool like Claude, connects to a single endpoint and can query live records or act on your data, depending on how the server is configured.


The practical effect is that employees ask questions about Business Central data in natural language, and agents query your live environment to respond. What agents are permitted to do is a governance decision that belongs before any tool goes live.


Configure Agent access via the MCT

Without any configuration beyond enabling the MCP server, agents get read-only access to all exposed Business Central API pages. That default is conservative by design: an agent can list customers, items, or sales orders, but it cannot create, modify, or delete any record.


Write access includes any action that creates, modifies, or deletes records, including document posting and becomes available once an administrator explicitly enables it on the Model Context Protocol (MCP) Server Configurations page by turning on the Unblock Edit Tools switch.


Which AI Clients Can Connect to Business Central MCP and How Authentication Works

Every MCP client connects to the same endpoint and uses HTTP headers to specify the target environment: TenantId, EnvironmentName, Company, and optionally ConfigurationName.


Authentication runs through Microsoft Entra ID using OAuth 2.0 Authorisation Code flow with PKCE. All operations execute under the authenticated user's identity, so audit trails record who performed each action — not a generic service account.


Microsoft clients such as Visual Studio Code with GitHub Copilot and Copilot Studio use a preregistered application, so no additional app registration is needed.


Non-Microsoft clients require you to register your own application in Entra ID before they can connect. Claude and ChatGPT are common examples, as is any custom agent your team builds.


How to Set Up the MCP Server

Configuration starts on the Model Context Protocol (MCP) Server Configurations page — search for it directly in Business Central. You need at least the MCP - ADMIN permission set to create or modify configurations. From there, select New and complete the general fields before adding any API pages as tools.


The Name field appears in Copilot Studio as the identifier agents use to connect to this configuration via the ConfigurationName HTTP header. Use a name that reflects the agent's scope, like SalesTeamConfig or FinanceReadOnly.


Set Active and the mode switches once the general setup is complete, then add API page objects in the Available Tools section by setting the Object ID and selecting which operations to permit per page. The shortcut Add All Standard APIs as Tools exists, but use it with caution alongside the tool limit discussed below.


Configurations can be exported as JSON files and imported into other environments, which makes promotion from sandbox to production straightforward and auditable. Export from the Advanced menu on the configuration page, edit the JSON if needed, and import it into the target environment as a new entry.


Dynamic Tool Mode and the Copilot Studio 70-Tool Limit

Copilot Studio currently caps agents at 70 tools. If you add all standard Business Central API pages as explicit tools in a single configuration and Dynamic Tool Mode is off, only the first 70 appear in Copilot Studio; the rest are silently unavailable.


Turning on Dynamic Tool Mode changes how tool discovery works. Instead of agent makers selecting individual tools at design time, the agent discovers and invokes tools at runtime using bc_actions_search, bc_actions_describe, and bc_actions_invoke, which removes the 70-tool ceiling.


When Discover Additional Objects is also turned on alongside Dynamic Tool Mode, the agent gains read-only access to all API pages in the environment, including pages not listed in the configuration. Enable that only after a deliberate decision about which data you want to be accessible.


For implementations where you are building a focused agent, for example, one that handles sales order queries for a specific team, Dynamic Tool Mode off with a curated tool list gives agent makers explicit control and keeps the scope auditable.


For broader implementations where agents need to range across many entities, Dynamic Tool Mode on with carefully considered write permissions is the more practical path.


Mapping API Page Permissions to API Agent Tools

Each API page object you add to a configuration produces a named tool for every permitted operation.


With Dynamic Tool Mode off, the tool names follow a predictable pattern: List<object_name>_PAG<ID> for read, Create<object_name>_PAG<ID> for create, ListUpdate<object_name>_PAG<ID> for modify, and Delete<object_name>_PAG<ID> for delete. Bound actions follow <bound_action_name>_PAG<ID>. For example, adding APIV2 - Customer (Object ID 30009) with full read-write permissions produces four distinct tools visible in Copilot Studio.


API pages of subtype ListPart and CardPart cannot be added as MCP tools — only top-level API pages are supported. If your implementation uses custom API pages built on part subtypes, build separate top-level API pages for any entity you want exposed as an agent tool.


Granting Allow Delete on a page means an agent can delete records of that type when they determine that deletion is the right action. Finance teams and IT managers should agree on which entities warrant delete access before configuration is complete.


What MCP Can do for Finance and IT Managers at SMEs

The MCP server is not primarily a developer feature; it is an administration and governance decision that finance and IT managers will feel in day-to-day operations. When agents can query or act on Business Central records on behalf of users, the question shifts from "can we connect an AI client?" to "which processes are we comfortable having agents touch, and are the people responsible for those processes prepared?"


For SMEs, start by deciding which configurations to activate and for which teams. Write permission scope, which entities agents can create or modify, follows from that. The final question is whether the processes that those agents will execute are defined clearly enough for them to act correctly. A sales agent who creates customers and posts orders will follow the posting setup it finds; therefore, clean posting group assignments and correct customer templates are the prerequisites for agent-created records to be correct.


How to Tell if Your Organisation is Ready for Business Central AI Agents

The technical configuration takes less time than the organisational preparation. For teams where Business Central processes are well-documented and consistently followed, adding an AI agent layer is a real benefit. For teams where processes are informal or vary by person, an agent acting on their behalf will execute those variations at scale and possibly make mistakes.


Before activating write-enabled configurations, the teams whose data agents will touch need to understand what triggers agent actions, what records agents will create or modify, and how to correct mistakes when they occur. An accounts payable team that understands how vendor ledger entries are created can audit agent activity and reverse errors quickly; that process knowledge is what makes agent-assisted workflows manageable.


What Your Team Needs to Know Before Agents Go Live

The employees interacting with Business Central through AI agents need to understand the processes those agents execute.


IT administrators and system owners need a clear view of which configurations are active and which write permissions are live, and the ability to read the audit log when something goes wrong.


A few things to remember:


  • All MCP operations execute under the authenticated user's identity: the audit log records individual users. IT needs to know how to read that log and distinguish agent-initiated actions from manual ones.

  • Permission sets that govern what users can do in Business Central apply equally to agents acting under their identity.

  • For implementations using Azure Logic Apps Standard to build MCP servers across multiple enterprise applications, the scope of what agents can touch extends beyond Business Central. In that scenario, process training needs to cover the full workflow, not just the Business Central nodes within it.

If your organisation is deploying Business Central AI agents or evaluating MCP, your staff need role-based training on the processes those agents will touch. Enquire about employee training programmes or contract consulting to get your team ready before agents go live.

Subscribe to our newsletter to receive our articles in your inbox, invites to our free training webinars and special offers for our training courses.

Comments

Microsoft-Solutions-Partner-Logo-white.webp

Viscontis Limited

Canada Street

SE16 6BH, London, UK

Company Registered in England and Wales 

© 2026 by Viscontis Limited. All rights Reserved

Terms of Service

Privacy Policy

About

Subscribe

Course Catalogue

Alfredo Iorio - MCT

Your Account

Members Area

Home Page

  • LinkedIn
  • YouTube

Legal Notice: D365 Training is a Trademark of Viscontis Limited, a Microsoft Training Services Partner; all rights reserved.

This website is neither owned nor sponsored by Microsoft©. Any reference to Microsoft, Dynamics365, Microsoft Teams, Microsoft Business Central, Azure or any other Microsoft software is purely for illustration, training and demo purposes.

 

You must perform due diligence before purchasing, implementing and setting up any technology mentioned on this website. By navigating this website, you acknowledge that we owe no responsibility if your business experiences losses, disruption or loss of data following the implementation of suggestions, guides or training material accessed from or mentioned on this website.

bottom of page