Enables configuration through .env files, allowing secure storage of environment variables such as tenant IDs, client credentials, and API settings for the Microsoft Graph service.
Supports running tests for the Microsoft Graph MCP server, including coverage reporting and selective test execution to verify functionality.
Serves as the core implementation language for the Microsoft Graph MCP server, with requirements for Python 3.10 or higher and support for programmatic usage through Python imports.
Provides code linting capabilities for maintaining code quality in the Microsoft Graph MCP server implementation.
Microsoft Graph MCP Server
A comprehensive Model Context Protocol (MCP) server implementation for Microsoft Graph v2 beta API. This server enables AI applications to interact with Microsoft 365 and Azure AD services through standardized MCP interfaces.
Features
Core Capabilities
Multiple Authentication Methods: Client credentials, device code, interactive browser, managed identity, Azure CLI
Comprehensive API Coverage: Users, groups, applications, directory roles, and organizational data
Production Ready: Rate limiting, retry logic, error handling, and async operations
Configurable: Extensive configuration options with environment variable support
Secure: Token caching, SSL validation, and permission-based access control
MCP Interfaces
Tools (Direct Operations)
User Management: List, get, create, update, delete users
Group Management: List groups, manage members, get group details
Application Management: List applications and service principals
Directory Operations: Get organization info, directory roles, and role members
Utility Tools: Connection testing, service information
Resources (Structured Data Access)
Static Resources: Current user profile, organization info, service metadata
Collections: Users, groups, applications with pagination support
Schemas: Object type definitions for understanding data structures
Dynamic Resources: Specific users/groups/applications by ID with URI-based access
Prompts (AI Workflows)
Security Analysis: User profiles, permissions, application security reviews
Management Workflows: User lifecycle, group membership analysis, role assignments
Reporting: Inactive users, organizational health checks, compliance reviews
Installation
Prerequisites
Python 3.10 or higher
Azure AD application registration with appropriate permissions
Microsoft 365 or Azure AD tenant access
Install from Source
Install Development Dependencies
Configuration
Environment Variables
The server can be configured using environment variables with the MSGRAPH_ prefix:
Configuration File
Create a .env file in your working directory:
Authentication Methods
1. Client Credentials (Service-to-Service)
2. Device Code Flow
3. Interactive Browser
4. Managed Identity (Azure)
5. Azure CLI
Usage
Command Line Interface
Programmatic Usage
Integration with MCP Clients
The server implements the standard MCP protocol and can be used with any MCP-compatible client:
Azure AD Application Setup
Required Permissions
Your Azure AD application needs the following Microsoft Graph permissions:
Application Permissions (for service-to-service scenarios)
User.Read.All - Read all user profiles
Group.Read.All - Read all groups
Application.Read.All - Read all applications
Directory.Read.All - Read directory data
Organization.Read.All - Read organization information
Delegated Permissions (for user-context scenarios)
User.Read - Read user profile
User.ReadWrite.All - Read and write all user profiles
Group.ReadWrite.All - Read and write all groups
Directory.AccessAsUser.All - Access directory as user
Grant Admin Consent
After configuring permissions, ensure admin consent is granted for your tenant.
API Examples
Using Tools
Using Resources
Using Prompts
Development
Project Structure
Running Tests
Code Quality
Security Considerations
Credential Management: Never commit secrets to version control
Least Privilege: Only enable required feature toggles and permissions
Network Security: Use SSL validation in production
Token Security: Tokens are cached securely and refreshed automatically
Rate Limiting: Built-in rate limiting prevents API abuse
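One way to check the Least Privilege point against the Required Permissions lists above. This is an added example, not code from this project: it reads the `roles` (application) and `scp` (delegated) claims from a Microsoft identity platform access token and flags anything outside the permissions this README names. The function names and the sample token are constructed for illustration.

```python
import base64
import json

# Permissions taken from the "Required Permissions" section of this README.
APP_PERMISSIONS = {"User.Read.All", "Group.Read.All", "Application.Read.All",
                   "Directory.Read.All", "Organization.Read.All"}
DELEGATED_PERMISSIONS = {"User.Read", "User.ReadWrite.All",
                         "Group.ReadWrite.All", "Directory.AccessAsUser.All"}


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (audit use only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_permissions(claims: dict) -> dict:
    """Compare granted permissions with the README's lists."""
    roles = set(claims.get("roles", []))         # application permissions
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    granted = roles | scopes
    return {
        # Granted but not listed by the README: candidates for removal.
        "unexpected": sorted((roles - APP_PERMISSIONS)
                             | (scopes - DELEGATED_PERMISSIONS)),
        # Listed or not, these allow changes and deserve an explicit decision.
        "write_capable": sorted(p for p in granted
                                if "ReadWrite" in p or "AccessAsUser" in p),
    }


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a credential)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed input: an app-only token carrying one permission too many.
    token = sample_token({"roles": ["User.Read.All", "Group.Read.All",
                                    "Directory.ReadWrite.All"]})
    print(audit_permissions(token_claims(token)))
```

The decode step skips signature validation on purpose, so use it only to inspect tokens your own deployment obtained, never to make an authorization decision.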
Troubleshooting
Common Issues
Authentication Errors
Permission Errors
Rate Limiting
Debug Logging
Enable debug logging to troubleshoot issues:
Contributing
Fork the repository
Create a feature branch
Make your changes
Add tests for new functionality
Ensure all tests pass
Submit a pull request
License
MIT License - see LICENSE file for details.
Support
For issues and questions:
Check the troubleshooting section
Review Microsoft Graph documentation
Open an issue on the repository
Check Azure AD application configuration
Note: This implementation uses Microsoft Graph v2 beta endpoints. Some features may change or require different permissions as Microsoft updates their API.