Managed MCP - Claude Code
Admin-controlled allow and deny lists for MCP servers.
Managed MCP lets admins define which MCP servers are permitted organization-wide. Individual users can only connect to servers the org has approved.
What it does
Admins publish a managed configuration via the admin console. It lists allowed servers, denied servers, and defaults. Claude Code on managed devices respects the list - you can't add a blocked server, and the allowed ones may come pre-configured. It's how enterprises control the blast radius of MCP.
When to use it
- Any organization using Claude Code at scale.
- Regulated industries where exfiltration risk matters.
- Teams standardizing on a specific MCP toolkit.
- Compliance scenarios where unauthorized MCP servers would violate policy.
Gotchas
- Users can't work around managed MCP on their device. Escalations have to go through admins.
- Managed lists take precedence over user config. Local additions for blocked servers silently fail.
- Admins should document what's allowed and why - opaque deny lists frustrate everyone.
Official docs: https://code.claude.com/docs/en/mcp.md#managed-mcp-configuration
Technical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools - delivered free every week.
Was this helpful?
