Model Context Protocol (MCP)
Model Context Protocol (MCP) is an open standard from Anthropic that lets AI assistants access approved systems such as Jira, GitHub, Confluence, Azure DevOps and SonarQube in a controlled way.
An MCP server exposes those systems to the model. For Defra, remote vendor-hosted servers are preferred, because they give consistent governance, stronger security controls and built-in audit logging.
What data you can use with it
What you can expose through MCP depends on your data's classification. Check "Using data with AI" before you connect anything.
Exclude sensitive, personal or confidential data from prompts and MCP context, and redact secrets and credentials.
Why we are exploring it
The AI Capability and Enablement team is evaluating MCP. It is not yet a recommendation for general use.
Only designated projects use it at the moment, and only after talking to the team.
Talk to the team before using it in delivery. Any exception needs written approval from the relevant Project Architect and the team.
Using MCP safely
If you use MCP, follow these rules:
- connect only to vendor-provided MCP servers that Defra has approved, not community or self-built servers
- use OAuth-based authentication with least-privilege scopes, not Personal Access Tokens
- never auto-approve actions: keep a human in the loop and review tool calls before they run
- restrict access to only the repositories, projects and workspaces you need
Approved MCP servers
These MCP servers are approved for use in Defra. Do not use others unless the AI Capability and Enablement team has approved them.
- Cloud providers: Azure MCP and AWS MCP
- Static analysis: SonarQube MCP server
- Repositories, backlogs and pipelines: Atlassian and Jira, GitHub and Azure DevOps
More information
For how Defra handles AI security and data, see Security and Keeping data safe.
Get help with Model Context Protocol
The AI Capability and Enablement team is evaluating MCP. Talk to us before using it in delivery.