A platform owner inherits two CRMs after an acquisition and a sales VP who does not want to choose between them. The old answer was custom middleware that copied data between systems. The Wave 1 MCP integration in Copilot Studio gives a different shape: one agent asks both systems through a shared protocol and composes a single answer for the user. The pattern is real; the governance model is the part most teams underinvest in.
The Feature
Copilot Studio’s 2026 Wave 1 brings MCP integration — agents built in Copilot Studio can discover and call MCP servers, including external ones. Opens coordination with Salesforce MCP, third-party MCP registries, custom enterprise MCP. The agent registers a connection to each MCP server, discovers the available tools, and calls them as if they were native actions.
agent_mcp_servers:
- name: salesforce_crm
url: https://contoso.my.salesforce.com/mcp
auth: oauth2
- name: servicenow_kb
url: https://contoso.service-now.com/mcp
auth: oauth2
- name: workday_hr
url: https://contoso.workday.com/mcp
auth: oauth2The auth model is per-server. Standardize on OAuth2 with explicit scopes; managed identity is fine for internal-only servers.
Integration Patterns
Microsoft sales-rep agent reads Salesforce opportunity data via Salesforce MCP. Customer service agent reads knowledge from ServiceNow MCP. Internal HR agent reads Workday via MCP. One agent, multi-vendor data. The composition happens inside the agent’s response generation; the user sees one coherent answer.
Sales rep prompt: "what is the latest on Contoso?"
Agent steps:
1. Call Dynamics for account snapshot
2. Call Salesforce MCP for legacy opportunity data
3. Call ServiceNow MCP for open support cases
4. Compose response combining all threeThe latency is the trade-off. Three MCP calls in sequence add a second or two to response time. Run them in parallel where the protocol supports it.
Governance Implications
Your agent touches multiple vendors’ data. Each vendor has its own governance. Plus Microsoft’s own Copilot governance on the agent side. Policy decisions require multi-stakeholder alignment. The agent is a single point of access; the data flows back through it to the user, which means audit logs need to live in one place.
Governance topics to align:
- Data residency per source
- Retention of agent prompts and responses
- Rate limits per vendor
- Lawful basis for cross-vendor lookups
- Audit log destination and retentionGet sign-off on these before opening the second MCP server.
Build vs Buy
Building an MCP-savvy agent in Copilot Studio is now realistic for non-trivial use cases. The platforms converge on a common protocol; orchestration becomes the differentiated value, not integration plumbing. The buy decision used to favor pre-integrated vendor suites; the build decision now competes more credibly because the integration cost dropped.
Build when:
- The orchestration logic is core to your workflow
- You have engineering bandwidth for ongoing tuning
- The data sources are stable and well-known
Buy when:
- The use case is generic and well-served by a vendor
- The data sources change frequently
- You lack the bandwidth to maintain agentsTool Versioning
MCP tools are versioned. A change to an inventory lookup tool that adds a required parameter will break callers that did not get the memo. Adopt semantic versioning on tools, publish a deprecation schedule for breaking changes, and notify consumer agents before retiring a version.
mcp_tool_versions:
inventory_lookup:
v1: deprecated 2026-06-01, retired 2026-12-01
v2: current
v3: previewNetwork and Performance
MCP calls cross organizational boundaries. Co-locate servers with consuming agents where possible; for cross-region inevitability, set explicit timeouts and design degraded responses. A timeout of 5 seconds on each MCP call is a reasonable default; longer than that and the user experiences the agent as broken.
Audit and Correlation
Every agent prompt should produce a correlation ID that flows through every MCP call. Each MCP server logs the correlation ID alongside its own request log. When something goes wrong, the cross-vendor failure is traceable through the correlation chain. Without correlation, debugging is multi-day investigation.
What to do this week
Inventory the cross-CRM scenarios that already exist as middleware and assess whether MCP would replace them with less code. Stand up one read-only MCP server for a low-risk source, define the audit policy, and pilot one agent against it before expanding the registry.
