Microsoft is moving full steam into the AI future, officially embracing the Model Context Protocol (MCP) as a foundational part of Windows 11.
At its Build 2025 developer conference, Microsoft announced that Windows 11 will now natively support MCP. This move aims to turn the operating system into what it calls an “agentic” platform, one where AI agents can help users carry out tasks across apps, files, and services without needing manual inputs.
How MCP works
MCP is a lightweight, open-source protocol introduced by Anthropic. It’s based on JSON-RPC over HTTP and allows AI agents, apps, and services to share information, access tools, and perform tasks consistently and securely.
MCP is often described as the “USB-C port of AI apps” for its ability to standardize communication between apps, agents, and tools. Just as USB-C makes it easy to connect devices, MCP lets developers have AI agents and applications talk to one another in a consistent way, whether they’re local tools or online services.
There are three key players in this ecosystem:
- MCP Clients: The AI agents that send requests.
- MCP Servers: Services that provide access to files, system settings, or apps.
- MCP Hosts: Applications that expose or invoke these capabilities.
For instance, this framework allows an app like Perplexity AI to search your file system without you manually selecting folders. In a live demo, Microsoft showed how a user could simply ask, “Find all the files related to my vacation in my documents folder.” The AI would take it from there.
Security is front and center
As exciting as MCP is, Microsoft isn’t ignoring the risks. MCP opens the door to powerful AI integrations, but it also creates new avenues of attack for malicious actors, from prompt injection to tool poisoning. Microsoft says it’s building strong walls around this new agentic future.
“Without strong controls, an MCP server… could expose sensitive functionality, be misconfigured to allow remote access, or be exploited through many means of attacks, including new forms such as prompt injection or tool poisoning,” Microsoft wrote in a blog post.
To address this, Windows 11 will enforce multiple security layers, including:
- Proxy-mediated communication routes all MCP traffic through a secure Windows proxy.
- Tool-level authorization enables users to approve which AI agents can access which tools.
- Runtime isolation ensures agents get only the necessary access, reducing damage from any attack.
- Central MCP registry restricts visibility to only MCP servers that meet Microsoft’s security standards.
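To make the proxy, registry, and tool-level authorization layers concrete, here is a small added sketch of a mediating check on an MCP `tools/call` JSON-RPC request. It is an illustration written for this article, not Microsoft's implementation; the agent, server, and tool names, the policy tables, and the `-32001` error code are constructed assumptions.

```python
import json

# Constructed sample policy; a real deployment would load these from protected storage.
REGISTRY = {"files-server"}                                # servers that passed vetting
APPROVALS = {("agent-a", "files-server", "search_files")}  # user-approved (agent, server, tool)

def _deny(req_id, code, message):
    """Build a JSON-RPC 2.0 error response instead of forwarding the request."""
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}

def mediate(agent_id, server_id, raw):
    """Decide whether the proxy forwards one client message.

    Returns (True, request_dict) to forward, or (False, error_response) to block.
    Fails closed: anything malformed or unapproved is blocked.
    """
    try:
        req = json.loads(raw)
    except (ValueError, TypeError):
        return False, _deny(None, -32700, "Parse error")
    if (not isinstance(req, dict) or req.get("jsonrpc") != "2.0"
            or not isinstance(req.get("method"), str)):
        return False, _deny(None, -32600, "Invalid Request")
    req_id = req.get("id")
    # Registry layer: only vetted servers are reachable at all.
    if server_id not in REGISTRY:
        return False, _deny(req_id, -32001, "server not in registry")
    # Tool-level authorization: each tool call needs an explicit user approval.
    if req["method"] == "tools/call":
        params = req.get("params")
        tool = params.get("name") if isinstance(params, dict) else None
        if not isinstance(tool, str):
            return False, _deny(req_id, -32602, "Invalid params")
        if (agent_id, server_id, tool) not in APPROVALS:
            return False, _deny(req_id, -32001, f"tool not approved: {tool}")
    return True, req
```

Because every message passes through one choke point, the allow and deny decisions can also be logged there for later audit.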
A preview version for developers
A private developer preview of MCP capabilities will roll out shortly after Build 2025. Microsoft says this preview is only for feedback purposes, and devices must be in developer mode to participate.
Some security features may not be fully enforced during the preview, but Microsoft says enforcement will be turned on before general release.