Microsoft 365 MCP Server
v1.0.0
Integrate Microsoft 365 to manage Outlook email, calendar events, OneDrive files, Tasks, Teams chats, and user profiles via Microsoft Graph and MCP protocol.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name, README, SKILL.md and src/index.ts all implement a Microsoft 365 MCP server (Graph API calls for mail, calendar, OneDrive, Teams, users). That is internally consistent with the stated purpose. However the registry metadata lists no required environment variables or primary credential while both SKILL.md and src/index.ts clearly require TENANT_ID, CLIENT_ID, CLIENT_SECRET (and optionally DEFAULT_USER). The metadata omission is an incoherence that hides the need for sensitive credentials.
Instruction Scope
SKILL.md gives precise setup steps (create Azure Entra app, grant admin consent for many Application permissions, store client secret in env, add mcporter config). The instructions do not attempt to read arbitrary local files or call unexpected endpoints — the code only calls Microsoft identity and Graph endpoints. But the instructions explicitly require admin consent and a wide set of application permissions, which is scope-expanding and high-risk for tenant-wide access. Also the runtime instructions reference environment variables that the registry metadata did not declare.
Install Mechanism
No remote download/extract install spec. This is an instruction/code bundle using standard npm dependencies (@modelcontextprotocol/sdk and dotenv). There are no URLs to arbitrary servers or obfuscated installers in the repo. Building and running is via tsc/npm which is normal.
Credentials
The skill requires tenant-level Graph application credentials (client id/secret/tenant) and SKILL.md asks for admin consent to Application permissions including Mail.ReadWrite, Files.ReadWrite.All, Chat.ReadWrite.All, User.Read.All, etc. These permissions permit read/write access across the entire tenant (emails, files, Teams chats, send-as capabilities). The number and scope of secrets is appropriate for the implemented functionality, but the privileges requested are broad and powerful — greater than a per-user least-privilege integration. Additionally, the package registry metadata did not declare these env vars/credentials, reducing transparency.
Persistence & Privilege
always is false (good), and disable-model-invocation is false (default). However because the skill operates with tenant-level credentials (admin-consented application permissions), allowing the agent to invoke this skill autonomously increases the blast radius — the agent could perform organization-wide actions (read mail/files, send mail, access chats) without further user interaction. This combination (autonomous invocation + tenant-wide creds) is high risk even though autonomy by itself is normal.
What to consider before installing
This skill implements a full Microsoft 365 integration and needs tenant-level Azure app credentials (TENANT_ID, CLIENT_ID, CLIENT_SECRET) and admin-consented application permissions. Before installing:
1) Don’t trust the registry metadata alone — it fails to list the required secrets; verify SKILL.md and code.
2) Only install if you trust the author and you understand the privileges you will grant — the requested permissions give tenant-wide read/write access to mail, files, Teams, and users.
3) Prefer creating a dedicated least-privilege Azure app (grant only the exact permissions you need), use a test or limited tenant, and avoid granting Mail.Send or Files.ReadWrite.All unless absolutely necessary.
4) Rotate and store the client secret securely; do not reuse high-priv creds.
5) If you must run in production, consider restricting the app (permission scoping, conditional access) and review the source code yourself (it only calls Microsoft identity and graph endpoints).
6) Be aware that the agent may invoke the skill autonomously; combine that with strong controls and monitoring (audit logs, limited service account) to reduce risk.
Like a lobster shell, security has layers — review code before you run it.
Microsoft 365 MCP Server
Full Microsoft 365 integration via Model Context Protocol (MCP).
Features
📧 Mail (Outlook)
- List, read, send, and search emails
- Filter by folder (inbox, sent, drafts)
- HTML email support
📅 Calendar
- List and create events
- Teams meeting integration
- Check availability/free-busy
📁 OneDrive
- Browse files and folders
- Search files
- Read file content
✅ Tasks (Microsoft To-Do)
- List task lists
- Create and manage tasks
- Set importance and due dates
💬 Teams
- List chats
- Read and send messages
👥 Users
- List organization users
- Get user profiles
Requirements
- Node.js 18+
- Azure Entra ID App with Microsoft Graph permissions
Setup
1. Create Azure Entra ID App
- Go to Azure Portal
- Navigate to Microsoft Entra ID → App registrations → New registration
- Configure:
  - Name: MCP-Microsoft365
  - Supported account types: Single tenant (recommended)
  - Redirect URI: http://localhost:3000/callback
2. Add API Permissions
Add these Application permissions for Microsoft Graph:
Mail.Read, Mail.Send, Mail.ReadWrite
Calendars.Read, Calendars.ReadWrite
Files.Read.All, Files.ReadWrite.All
Tasks.Read.All, Tasks.ReadWrite.All
Chat.Read.All, Chat.ReadWrite.All
User.Read.All
Important: Click "Grant admin consent"
3. Get Credentials
Save these values:
- Application (client) ID
- Directory (tenant) ID
- Client Secret (create under Certificates & secrets)
4. Install
```bash
# Clone/download the skill
cd mcp-microsoft365
# Install dependencies
npm install
# Build
npm run build
```
5. Configure mcporter
```bash
mcporter config add m365 --stdio "node /path/to/mcp-microsoft365/dist/index.js"
```
Edit config/mcporter.json to add environment variables:
```json
{
  "mcpServers": {
    "m365": {
      "command": "node /path/to/dist/index.js",
      "env": {
        "TENANT_ID": "your-tenant-id",
        "CLIENT_ID": "your-client-id",
        "CLIENT_SECRET": "your-client-secret",
        "DEFAULT_USER": "user@yourdomain.com"
      }
    }
  }
}
```
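As an added example (not part of the original README or the project's code), the Node.js script below checks what the setup above actually grants: it decodes the `roles` claim of an app-only Graph access token and reports application permissions outside a deployment allow-list. The sample token, the placeholder app id and `ALLOW_LIST` are constructed for illustration.

```javascript
// Added example: audit application permissions in an app-only Graph token.
// The payload is decoded for inspection only; no signature is verified here.

// Application permissions that setup step 2 on this page asks an admin to consent to.
const README_PERMISSIONS = [
  "Mail.Read", "Mail.Send", "Mail.ReadWrite",
  "Calendars.Read", "Calendars.ReadWrite",
  "Files.Read.All", "Files.ReadWrite.All",
  "Tasks.Read.All", "Tasks.ReadWrite.All",
  "Chat.Read.All", "Chat.ReadWrite.All",
  "User.Read.All",
];

// Decode the payload (middle) segment of a compact JWT.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Compare the token's `roles` claim (application permissions) with an allow-list.
function auditAppRoles(token, allowList) {
  const payload = decodeJwtPayload(token);
  const granted = Array.isArray(payload.roles) ? payload.roles : [];
  const allowed = new Set(allowList);
  const excess = granted.filter((r) => !allowed.has(r)).sort();
  // Roles that can modify data or send on behalf of users in the tenant.
  const writeCapable = granted.filter((r) => /\.(ReadWrite|Send)(\.|$)/.test(r)).sort();
  const appId = payload.appid ?? payload.azp ?? null;
  return { appId, granted, excess, writeCapable, ok: excess.length === 0 };
}

// Constructed sample token: fake signature, placeholder app id.
function makeSampleToken(roles) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const header = { alg: "none", typ: "JWT" };
  const payload = { aud: "https://graph.microsoft.com", appid: "00000000-0000-0000-0000-000000000000", roles };
  return [enc(header), enc(payload), "constructed-signature"].join(".");
}

// Hypothetical allow-list for a read-only mail and calendar deployment.
const ALLOW_LIST = ["Mail.Read", "Calendars.Read", "User.Read.All"];

const report = auditAppRoles(makeSampleToken(README_PERMISSIONS), ALLOW_LIST);
console.log(report.ok ? "token is within the allow-list" : `excess roles: ${report.excess.join(", ")}`);
console.log(`write-capable roles: ${report.writeCapable.join(", ")}`);
```

Run it against a token obtained with the app's own credentials in a test tenant, and treat any non-empty `excess` list as a reason to remove consented permissions before the server goes into use.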
Usage
```bash
# List recent emails
mcporter call m365.m365_mail_list top:5
# Send email
mcporter call m365.m365_mail_send to:"recipient@email.com" subject:"Hello" body:"<p>Hi!</p>"
# Search
mcporter call m365.m365_mail_search query:"important"
```
Calendar
```bash
# List events
mcporter call m365.m365_calendar_list top:10
# Create event with Teams meeting
mcporter call m365.m365_calendar_create subject:"Team Sync" start:"2026-01-27T10:00:00" end:"2026-01-27T11:00:00" isOnline:true
```
Files
```bash
# List OneDrive root
mcporter call m365.m365_files_list
# Search files
mcporter call m365.m365_files_search query:"report"
```
Tasks
```bash
# List task lists
mcporter call m365.m365_tasks_lists
```
Teams
```bash
# List chats
mcporter call m365.m365_teams_chats top:10
```
19 Available Tools
| Tool | Description |
|---|---|
| m365_mail_list | List emails |
| m365_mail_read | Read email by ID |
| m365_mail_send | Send email |
| m365_mail_search | Search emails |
| m365_calendar_list | List events |
| m365_calendar_create | Create event |
| m365_calendar_availability | Check free/busy |
| m365_files_list | List files |
| m365_files_search | Search files |
| m365_files_read | Read file content |
| m365_files_info | Get file metadata |
| m365_tasks_lists | List task lists |
| m365_tasks_list | List tasks |
| m365_tasks_create | Create task |
| m365_teams_chats | List chats |
| m365_teams_messages | Read messages |
| m365_teams_send | Send message |
| m365_users_list | List users |
| m365_user_info | Get user profile |
Author
Mahmoud Alkhatib
- Website: malkhatib.com
- YouTube: @malkhatib
- Twitter: @malkhateeb
License
MIT
