**Published: March 14, 2026 ~850 words**

TL;DR

The Model Context Protocol (MCP) C# SDK has reached its v1.0 milestone, bringing full support for the 2025-11-25 version of the MCP Specification. For .NET developers building AI agents on Azure, this is the moment the training wheels come off: incremental scope consent, long-running HTTP request handling, URL-mode elicitation, and enhanced OAuth flows are all production-ready. And the timing is deliberate — Microsoft simultaneously announced the forthcoming governance layer for all those agents you’re about to ship.

Why This Release Matters Right Now

Agentic AI is not a vibe anymore — it’s infrastructure. According to Microsoft’s Cyber Pulse report, more than 80 percent of Fortune 500 companies are actively using AI agents built with low- and no-code tools, and IDC projects 1.3 billion agents in circulation by 2028. Against that backdrop, Microsoft’s own research found that 29 percent of agents in surveyed organizations operate without approval from IT or security teams, and only 47 percent of organizations use any security tools at all to protect their AI deployments. That’s the bad news. The good news is that the MCP C# SDK v1.0 ships with security primitives baked in — not bolted on.

What’s New in v1.0

🔐 Enhanced Authorization (Finally, OAuth That Doesn’t Make You Cry)

Version 1.0 of the MCP C# SDK brings full support for the 2025-11-25 MCP Specification, introducing enhanced authorization flows, icon support for tools and resources, incremental scope consent, URL mode elicitation, tool calling in sampling, and improved handling of long-running HTTP requests. On the auth side specifically, one of the most significant additions is enhanced authorization server discovery. Under the updated specification, servers can now expose Protected Resource Metadata through three different methods, offering more flexibility compared to the single method previously required. The SDK handles the full discovery process on the client side automatically.

🔏 Incremental Scope Consent (Least Privilege, For Real)

Incremental scope consent applies the principle of least privilege to MCP authorization by allowing clients to request only the minimum access needed for each operation. Previously, clients often had to request all possible permissions upfront. With the new mechanism, clients start with minimal scopes and request additional ones as required; the SDK handles this automatically on the client side. In practice, your agent no longer shows up at the front door demanding every key in the building. Here’s the pattern the SDK uses under the hood:

// The SDK handles scope escalation automatically.
// When a 401/403 arrives with a 'scopes' parameter in WWW-Authenticate,
// the client extracts required scopes and re-initiates the auth flow.
var options = new McpClientOptions
{
    ClientInfo = new() { Name = "MyAgent", Version = "1.0.0" }
    // No manual scope pre-declaration needed — the SDK handles incremental consent.
};

The MCP C# client SDK handles incremental scope consent automatically. When it receives a 401 or 403 with a scopes parameter in the WWW-Authenticate header, it extracts the required scopes and initiates the authorization flow — no additional client code needed.

⏳ Long-Running Request Handling (Goodbye, SSE Timeouts)

The release further includes OAuth Client ID Metadata Documents (CIMDs) as a preferred alternative to Dynamic Client Registration, and improved support for long-running requests over HTTP through a polling mechanism that allows servers to close connections and clients to reconnect using event IDs. This is critical if you’ve been routing your MCP tools through Azure Functions. When MCP tools sit idle, costs drop to zero while maintaining fast wake-up times. The Premium plan supports “always-ready” instances that remain pre-initialized, eliminating cold-start latency, which is critical for mission-critical tools where initialization delays can cause SSE connection timeouts and poor agent response times.

🧪 Experimental Durable Task Support

Other changes in this release include experimental Tasks support for durable state tracking, DistributedCacheEventStreamStore for SSE stream storage, and extended Implementation metadata properties. Think of Tasks support as the SDK’s first step toward resumable, stateful agent workflows — a feature worth tracking closely.

The Bigger Picture: Agent Governance Is Now a Purchasing Decision

The SDK v1.0 landing is no coincidence. Microsoft announced the general availability of Agent 365 and Microsoft 365 Enterprise 7, two products designed to bring security and governance to the rapidly growing population of AI agents operating inside the world’s largest organizations. Both become available on May 1st, alongside Wave 3 of Microsoft 365 Copilot, which expands agentic AI capabilities and adds model diversity from both OpenAI and Anthropic. The governance layer works like this: a new capability called Agent ID gives each agent a unique identity in Microsoft Entra, enabling conditional access policies, least-privilege enforcement, and audit trails. Your MCP server running on Azure Functions can — and should — participate in this identity model via Azure App Service / Functions integration with Microsoft Entra Agent ID. Agent 365 offers unified SDKs and frameworks that simplify building, onboarding, and certifying agents. Agent 365’s agentic tools expose consistent MCP interfaces and SDKs. Developers can use agentic tools for Outlook, Teams, and SharePoint and business integrations — accelerating delivery while inheriting enterprise-grade security and compliance. —

Practical Takeaways for .NET / Azure Teams

| Concern | What to Do | |—|—| | Getting started | dotnet add package ModelContextProtocol — the v1.0 NuGet package is live | | Auth | Let the SDK handle PRM discovery and scope escalation; don’t handroll OAuth flows | | Latency / cold start | Use Azure Functions Premium plan with 2–3 always-ready instances for critical tools | | Governance | Register your agents in the Agent 365 Registry (GA May 1) and assign Entra Agent IDs | | Long-running ops | Adopt the new polling mechanism; avoid holding SSE connections open indefinitely | | CI/CD | Microsoft has published quickstart templates for both hosting approaches across multiple languages; the MCP extension quickstarts cover C# (.NET), Python, and TypeScript (Node.js), with a Java quickstart coming soon. |

One Honest Caveat

The experimental Tasks API for durable state tracking is exactly that — experimental. Don’t bet a production workflow on it yet. Watch the mcp-whats-new demo repository (linked below) for when that graduates. The v1.0 release of the MCP C# SDK represents a major step forward for building MCP servers and clients in .NET. Whether you’re implementing secure authorization flows, building rich tool experiences with sampling, or handling long-running operations gracefully, the SDK has you covered. —

Further Reading

  • .NET Blog — MCP C# SDK v1.0 announcement (March 5, 2026): https://devblogs.microsoft.com/dotnet/release-v10-of-the-official-mcp-csharp-sdk/

  • InfoQ — MCP C# SDK v1.0 coverage: https://www.infoq.com/news/2026/03/mcp-csharp-v1/

  • Microsoft Official Blog — Agent 365 & M365 E7 announcement (March 9, 2026): https://blogs.microsoft.com/blog/2026/03/09/introducing-the-first-frontier-suite-built-on-intelligence-trust/

  • VentureBeat — Agent 365 deep-dive and governance analysis (March 9, 2026): https://venturebeat.com/technology/microsoft-says-ungoverned-ai-agents-could-become-corporate-double-agents-its

  • InfoQ — Azure Functions MCP GA (background context): https://www.infoq.com/news/2026/01/azure-functions-mcp-support/

  • Microsoft Learn — Get started with .NET AI and MCP: https://learn.microsoft.com/en-us/dotnet/ai/get-started-mcp

  • Microsoft Learn — Governing Agent Identities with Entra (Preview): https://learn.microsoft.com/en-us/entra/id-governance/agent-id-governance-overview