
Configure MCP Registries

Registries are how teams discover and govern MCP servers at scale. Learn the difference between the public MCP catalog, the GitHub MCP Registry and a private/enterprise registry, and how each one feeds into a host's allow-list pipeline.

A registry is a catalog of MCP servers. It tells you which servers exist, what they expose, and how to install them. It does not run them, and it does not gate them; those remain the host's responsibility. Picking the right registry is the difference between a curated, governable agent stack and a wild-west install spree.

The three registries you will meet on the exam

| Registry | Audience | Strength | Use it when |
| --- | --- | --- | --- |
| Public MCP catalog (modelcontextprotocol.io ecosystem) | Open community | Largest selection | You are evaluating and the workload is non-sensitive. |
| GitHub MCP Registry | GitHub Copilot users | Curated, partner-vetted | You want Copilot-friendly servers with a baseline of review. |
| Private / enterprise registry | Internal devs | Allow-list at the discovery layer; SSO-aware | You are at an organisation that has a security review process. |

Registry → host → consent

Even with a perfect registry, the host's permission model still runs. A pipeline that takes safety seriously looks like this:

  1. Registry filters what is discoverable.
  2. Host config filters what is installed.
  3. Toolset flags filter what is exposed.
  4. Consent gates filter what is executed.

The exam likes to ask "which control would have prevented this?" Always pick the layer closest to the failure. A registry cannot stop a runaway tool call; only a consent gate can.

Build a Copilot MCP entry

Assemble a VS Code-style MCP entry that pins a server discovered from a private registry.


Where this shows up on the exam

If the question gives you a multi-tenant enterprise scenario, the answer almost always includes "private registry" + "pinned versions" + "host consent enforced". If it gives you a single-developer scenario on a personal machine, public catalog + per-call consent is enough.

Anchor concepts

Key terms

MCP registry
A discoverable catalog of MCP servers with metadata about their tools, install instructions and provenance.
GitHub MCP Registry
A GitHub-hosted curated list of MCP servers from partners and the community, used to discover servers vetted for Copilot.
Private registry
An enterprise-controlled MCP catalog (often self-hosted) that only lists servers approved for internal use, behind SSO.
Pinning
Locking a server to a specific version or content hash so an unexpected upstream change cannot silently alter the agent's tool surface.
Watch out

Common pitfalls

  • Treating any MCP server you find on the public registry as 'safe by default': registries are catalogs, not security audits. Provenance still matters.
  • Letting servers auto-update from the registry on every host launch; one bad release will silently change the agent's tools and prompts under your feet.
  • Skipping pinning so an attacker who compromises a server's npm package immediately attacks every agent that installed it via `npx -y`.
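
The pinning and allow-list pitfalls above can be checked mechanically before a config reaches a host. The Python audit below is an added example, not part of the original lesson or any vendor tooling; it assumes a VS Code-style config with a `servers` map of `command`/`args` entries, and the package names, versions and the `APPROVED` allow-list are constructed stand-ins for a private registry export.

```python
import re

# Constructed sample config (assumed VS Code-style shape: "servers" -> command/args).
SAMPLE_CONFIG = {"servers": {
    "tickets":  {"command": "npx", "args": ["-y", "@example-corp/tickets-mcp@1.4.2"]},
    "wiki":     {"command": "npx", "args": ["-y", "@example-corp/wiki-mcp"]},
    "floating": {"command": "npx", "args": ["-y", "@example-corp/tickets-mcp@latest"]},
    "unknown":  {"command": "npx", "args": ["-y", "some-public-mcp@0.3.0"]},
}}

# Constructed stand-in for a private registry export: package -> approved versions.
APPROVED = {"@example-corp/tickets-mcp": {"1.4.2"}, "@example-corp/wiki-mcp": {"2.0.1"}}

EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")  # x.y.z only; no ranges or dist-tags


def split_spec(spec):
    """Split an npm spec like '@scope/name@1.2.3' into (name, version or None)."""
    at = spec.rfind("@")
    if at <= 0:  # no '@', or only the leading scope '@'
        return spec, None
    return spec[:at], spec[at + 1:]


def audit(config, approved):
    """Return {server: [findings]} for npx-launched entries that fail a check."""
    report = {}
    for name, entry in config.get("servers", {}).items():
        if entry.get("command") != "npx":
            continue  # other launchers need their own pin check
        # The first non-flag argument is the package spec npx fetches and runs.
        spec = next((a for a in entry.get("args", []) if not a.startswith("-")), "")
        pkg, version = split_spec(spec)
        findings = []
        if pkg not in approved:
            findings.append("not in private registry")
        if version is None or not EXACT_VERSION.match(version):
            findings.append("not pinned to an exact version")
        elif pkg in approved and version not in approved[pkg]:
            findings.append("version not approved")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for server, findings in audit(SAMPLE_CONFIG, APPROVED).items():
        print(f"{server}: {', '.join(findings)}")
```

A check like this covers only the registry and host-config layers; toolset flags and consent gates still have to be enforced by the host at run time.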