Enables configuration through .env files, allowing secure storage of environment variables such as tenant IDs, client credentials, and API settings for the Microsoft Graph service.
Supports running tests for the Microsoft Graph MCP server, including coverage reporting and selective test execution to verify functionality.
Serves as the core implementation language for the Microsoft Graph MCP server, with requirements for Python 3.10 or higher and support for programmatic usage through Python imports.
Provides code linting capabilities for maintaining code quality in the Microsoft Graph MCP server implementation.
Microsoft Graph MCP Server
A comprehensive Model Context Protocol (MCP) server implementation for Microsoft Graph v2 beta API. This server enables AI applications to interact with Microsoft 365 and Azure AD services through standardized MCP interfaces.
Features
Core Capabilities
- Multiple Authentication Methods: Client credentials, device code, interactive browser, managed identity, Azure CLI
- Comprehensive API Coverage: Users, groups, applications, directory roles, and organizational data
- Production Ready: Rate limiting, retry logic, error handling, and async operations
- Configurable: Extensive configuration options with environment variable support
- Secure: Token caching, SSL validation, and permission-based access control
MCP Interfaces
Tools (Direct Operations)
- User Management: List, get, create, update, delete users
- Group Management: List groups, manage members, get group details
- Application Management: List applications and service principals
- Directory Operations: Get organization info, directory roles, and role members
- Utility Tools: Connection testing, service information
Resources (Structured Data Access)
- Static Resources: Current user profile, organization info, service metadata
- Collections: Users, groups, applications with pagination support
- Schemas: Object type definitions for understanding data structures
- Dynamic Resources: Specific users/groups/applications by ID with URI-based access
Prompts (AI Workflows)
- Security Analysis: User profiles, permissions, application security reviews
- Management Workflows: User lifecycle, group membership analysis, role assignments
- Reporting: Inactive users, organizational health checks, compliance reviews
Installation
Prerequisites
- Python 3.10 or higher
- Azure AD application registration with appropriate permissions
- Microsoft 365 or Azure AD tenant access
Install from Source
Install Development Dependencies
Configuration
Environment Variables
The server can be configured using environment variables with the MSGRAPH_ prefix:
Configuration File
Create a .env file in your working directory:
Authentication Methods
1. Client Credentials (Service-to-Service)
2. Device Code Flow
3. Interactive Browser
4. Managed Identity (Azure)
5. Azure CLI
Usage
Command Line Interface
Programmatic Usage
Integration with MCP Clients
The server implements the standard MCP protocol and can be used with any MCP-compatible client:
Azure AD Application Setup
Required Permissions
Your Azure AD application needs the following Microsoft Graph permissions:
Application Permissions (for service-to-service scenarios)
- User.Read.All - Read all user profiles
- Group.Read.All - Read all groups
- Application.Read.All - Read all applications
- Directory.Read.All - Read directory data
- Organization.Read.All - Read organization information
Delegated Permissions (for user-context scenarios)
- User.Read - Read user profile
- User.ReadWrite.All - Read and write all user profiles
- Group.ReadWrite.All - Read and write all groups
- Directory.AccessAsUser.All - Access directory as user
Grant Admin Consent
After configuring permissions, ensure admin consent is granted for your tenant.
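One way to confirm what was actually consented, as an added example that is not part of this project's code: decode an access token issued to the application and compare its roles (application) and scp (delegated) claims with the application permissions listed above. The function names and the sample token are constructed for illustration, and the token signature is not verified, so treat this as a diagnostic for tokens you obtained yourself.

```python
import base64
import json

# Application permissions listed in this README (the read-only set).
README_APP_PERMISSIONS = {
    "User.Read.All", "Group.Read.All", "Application.Read.All",
    "Directory.Read.All", "Organization.Read.All",
}

def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def token_permissions(jwt: str) -> set[str]:
    """Collect permissions from 'roles' (app-only) and 'scp' (delegated)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = _b64url_json(parts[1])
    roles = claims.get("roles") or []
    scopes = (claims.get("scp") or "").split()
    return set(roles) | set(scopes)

def audit(jwt: str, allowed=README_APP_PERMISSIONS) -> dict:
    """Report permissions missing from, or granted beyond, the allowed set."""
    granted = token_permissions(jwt)
    excess = granted - allowed
    return {
        "missing": sorted(allowed - granted),
        "excess": sorted(excess),
        # Anything beyond read-only deserves a second look before go-live.
        "write_capable": sorted(
            p for p in excess if "Write" in p or "AccessAsUser" in p
        ),
    }

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline demonstration only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed sample: two expected read roles plus one write role.
SAMPLE = make_sample_token(
    {"roles": ["User.Read.All", "Group.Read.All", "Group.ReadWrite.All"]}
)

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```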
API Examples
Using Tools
Using Resources
Using Prompts
Development
Project Structure
Running Tests
Code Quality
Security Considerations
- Credential Management: Never commit secrets to version control
- Least Privilege: Only enable required feature toggles and permissions
- Network Security: Use SSL validation in production
- Token Security: Tokens are cached securely and refreshed automatically
- Rate Limiting: Built-in rate limiting prevents API abuse
Troubleshooting
Common Issues
Authentication Errors
Permission Errors
Rate Limiting
Debug Logging
Enable debug logging to troubleshoot issues:
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
License
MIT License - see LICENSE file for details.
Support
For issues and questions:
- Check the troubleshooting section
- Review Microsoft Graph documentation
- Open an issue on the repository
- Check Azure AD application configuration
Note: This implementation uses Microsoft Graph v2 beta endpoints. Some features may change or require different permissions as Microsoft updates their API.