Camp 2: Gateway Security¶
Scaling the Gateway Ridge
Camp Details
Duration: 90 minutes
Azure Services: API Management, Private Endpoints, API Center
Primary Risks: MCP09 (Shadow MCP Servers), MCP02 (Privilege Escalation)
What You'll Learn¶
At this elevation, you'll establish a secure gateway layer for your MCP infrastructure. Learn how to centralize access control, enforce policies, and gain visibility into all MCP server traffic across your organization.
Learning Objectives
- Deploy Azure API Management as an MCP gateway
- Implement network isolation with Private Endpoints
- Establish governance with API Center
- Configure rate limiting and throttling
- Detect and prevent shadow MCP servers
The Challenge¶
Without a central gateway, MCP servers proliferate across your organization—each with different security standards, creating blind spots for attackers. You'll build a unified gateway that brings order to chaos.
What You'll Build¶
-
API Management Gateway
Centralize MCP traffic through a single, secure access point
-
Network Isolation
Use Private Endpoints to keep MCP servers off the public internet
-
API Center Governance
Catalog and govern all MCP servers in your organization
-
Rate Limiting
Protect against abuse with intelligent traffic controls
Coming Soon¶
Under Development
This camp is being crafted with care! Upcoming content includes:
- Exploiting shadow MCP servers and uncontrolled access
- API Management deployment and MCP integration
- Private Link and network topology setup
- API Center registration and discovery
- Policy enforcement and monitoring