Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Microsoft OfficeWhat do I have on my calendar for tomorrow?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Microsoft Office
One MCP server. Multiple users. Real Microsoft 365 traffic on your test tenant.
The Problem
Test tenants sit empty. Static test data does not exercise real workflows. When you need agents that send real emails, schedule real meetings, and collaborate in real Teams channels, mocks and stubs fall short.
What This Solves
This project connects any MCP-compatible AI client to Microsoft 365 through the Graph API. Each agent authenticates as a distinct tenant user and performs real operations against real data.
78 tools across 9 modules: Mail, Calendar, Files, Teams, Contacts, To-Do, Groups, People, Search
Multi-user: one server supports your entire team, each with isolated data
Real Graph API calls: every operation hits the actual tenant, not a mock
Secure: tokens encrypted at rest, no credentials stored on third-party servers
Architecture
┌──────────────────┐
│ MCP Client │
│ (Claude, etc.) │
└────────┬─────────┘
│ JSON-RPC (stdin/stdout)
┌────────▼─────────┐
│ MCP Adapter │
│ (runs locally) │
└────────┬─────────┘
│ HTTP + Bearer Token
┌────────▼─────────┐
│ MCP Server │
│ (local or │
│ remote) │
└────────┬─────────┘
│ Microsoft Graph API
┌────────▼─────────┐
│ Microsoft 365 │
│ (your tenant) │
└──────────────────┘Three parts:
MCP Client -- the AI you interact with
MCP Adapter -- a Node.js process that translates MCP protocol to HTTP requests (runs on the same machine as the client)
MCP Server -- handles authentication and calls the Microsoft Graph API (runs locally or on a remote server)
Permissions
The server requires 18 Microsoft Graph delegated permissions. Twelve work without admin consent. Six require a tenant administrator to grant consent.
No Admin Consent Required
Permission | Tools Unlocked |
| Authentication, user profile |
| readMail, readMailDetails, markEmailRead, flagMail, getMailAttachments, addMailAttachment, removeMailAttachment |
| sendMail, replyToMail |
| getEvents, createEvent, updateEvent, cancelEvent, acceptEvent, tentativelyAcceptEvent, declineEvent, getAvailability, findMeetingTimes, getRooms, getCalendars, addAttachment, removeAttachment |
| listFiles, uploadFile, downloadFile, getFileMetadata, getFileContent, setFileContent, updateFileContent, createSharingLink, getSharingLinks, removeSharingPermission, listChannelFiles, uploadFileToChannel, readChannelFile |
| listContacts, getContact, createContact, updateContact, deleteContact, searchContacts |
| listTaskLists, getTaskList, createTaskList, updateTaskList, deleteTaskList, listTasks, getTask, createTask, updateTask, deleteTask, completeTask |
| listChats, createChat, getChatMessages, sendChatMessage |
| listTeamChannels, getChannelMessages |
| sendChannelMessage, replyToMessage |
| createTeamChannel |
| createOnlineMeeting, getOnlineMeeting, listOnlineMeetings, getMeetingByJoinUrl |
Requires Admin Consent
Permission | Additional Tools Unlocked |
| Resolve user IDs across Teams, People search |
| findPeople, getRelevantPeople, getPersonById |
| listGroups, getGroup, listGroupMembers, listMyGroups |
| addChannelMember |
| Read channel message history |
| getMeetingTranscripts, getMeetingTranscriptContent |
Without admin consent, you get Mail, Calendar, Files, Contacts, To-Do, Chat, and basic Teams channel operations. With admin consent, you add People directory search, Groups, channel member management, and meeting transcripts.
Quick Start
Prerequisites
Node.js 18+ (download)
Claude Desktop (download) or another MCP client
Microsoft 365 account (work, school, or personal)
Step 1: Azure App Registration
Go to Azure Portal > Microsoft Entra ID > App registrations > New registration
Name it
MCP-Microsoft-Office, register with your preferred account typeCopy the Application (client) ID and Directory (tenant) ID
Go to API permissions > Add a permission > Microsoft Graph > Delegated permissions
Add the 18 permissions listed above
If you are a tenant admin, click Grant admin consent
Go to Authentication > Add a platform > Web
Redirect URI:
http://localhost:3000/api/auth/callbackEnable Allow public client flows
Step 2: Clone and Configure
git clone https://github.com/Aanerud/MCP-Microsoft-Office.git
cd MCP-Microsoft-Office
npm installCopy .env.example to .env and fill in your Azure app details:
MICROSOFT_CLIENT_ID=your-client-id
MICROSOFT_TENANT_ID=your-tenant-idStep 3: Start the Server and Authenticate
npm run dev:webOpen http://localhost:3000 in your browser. Click Login with Microsoft, sign in, and grant permissions. Then click Generate MCP Token and copy the token.
Step 4: Configure Claude Desktop
Edit your Claude Desktop config:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"microsoft365": {
"command": "node",
"args": ["/path/to/MCP-Microsoft-Office/mcp-adapter.cjs"],
"env": {
"MCP_SERVER_URL": "http://localhost:3000",
"MCP_BEARER_TOKEN": "paste-your-token-here"
}
}
}
}Restart Claude Desktop. Ask: "What's on my calendar today?"
Tools (78)
Mail (9)
Tool | Description |
| Read inbox messages |
| Send an email |
| Reply to an email |
| Get full email content |
| Mark email as read/unread |
| Flag or unflag an email |
| List email attachments |
| Add attachment to email |
| Remove attachment from email |
Calendar (13)
Tool | Description |
| Get calendar events |
| Create a meeting or event |
| Modify an existing event |
| Cancel an event |
| Accept a meeting invitation |
| Tentatively accept |
| Decline a meeting invitation |
| Check free/busy times |
| Find optimal meeting slots |
| Find meeting rooms |
| List all calendars |
| Add attachment to event |
| Remove event attachment |
Files (10)
Tool | Description |
| List OneDrive files |
| Upload a file |
| Download a file |
| Get file info |
| Read file contents |
| Write file contents |
| Update existing file |
| Create a sharing link |
| List sharing links |
| Remove sharing access |
Teams (21)
Tool | Description |
| List Teams chats |
| Create a new chat |
| Read chat messages |
| Send a chat message |
| List your teams |
| List team channels |
| Create a channel |
| Add member to channel |
| Read channel messages |
| Post to a channel |
| Reply to a channel message |
| List files in a channel |
| Upload file to channel |
| Read a channel file |
| Create a Teams meeting |
| Get meeting details |
| List online meetings |
| Find meeting by join URL |
| Get meeting transcripts |
| Read transcript content |
(Note:
Contacts (6)
Tool | Description |
| List contacts |
| Get contact details |
| Create a contact |
| Update contact info |
| Delete a contact |
| Search contacts |
To-Do (11)
Tool | Description |
| List task lists |
| Get a task list |
| Create a task list |
| Rename a task list |
| Delete a task list |
| List tasks |
| Get task details |
| Create a task |
| Update a task |
| Delete a task |
| Mark task complete |
Groups (4)
Tool | Description |
| List Microsoft 365 groups |
| Get group details |
| List group members |
| List your groups |
People (3)
Tool | Description |
| Search the directory |
| Get frequent contacts |
| Get person details |
Search (1)
Tool | Description |
| Unified search across emails, files, events, and chat messages |
Multi-User
Each user authenticates independently. The server isolates all data by user identity.
Alice (alice@contoso.com) Bob (bob@contoso.com)
├─ Her own Microsoft tokens ├─ His own Microsoft tokens
├─ Her own session ├─ His own session
└─ Claude Desktop (her laptop) └─ Claude Desktop (his PC)
Complete data isolation.
Alice never sees Bob's data.For automated testing with multiple agents, use the ROPC (Resource Owner Password Credentials) flow to authenticate programmatically:
# Start the server
npm run dev:web
# Run the E2E test suite (authenticates 3 users via ROPC)
node tests/run-all.cjsThe test suite authenticates multiple users, then exercises all 78 tools across 9 modules plus 5 cross-module workflows. See tests/ for the full implementation.
E2E Test Suite
The project includes a comprehensive test suite covering all 78 tools.
# Run all tests (requires server running)
node tests/run-all.cjs
# Run a single module
node tests/run-all.cjs --bucket mail --buckets-only
# Run only workflows
node tests/run-all.cjs --workflows-onlyTest structure:
tests/
lib/ Shared auth, HTTP client, reporter
buckets/ One file per module (9 files, 78 tools)
workflows/ Cross-module tests (5 files)
run-all.cjs Master runnerTests authenticate via ROPC (no manual token management) and run in ~100 seconds.
Environment Variables
Copy .env.example to .env and configure:
Variable | Required | Description |
| Yes | Azure App Client ID |
| Yes | Azure Tenant ID |
| No | OAuth callback URL (default: |
| Production | 32-byte encryption key for token storage |
| Production | Secret for signing JWT tokens |
| Production | Comma-separated allowed origins |
| No | Server port (default: |
| No |
|
Deployment
Local (Recommended for Getting Started)
npm install
npm run dev:webAzure App Service
See docs/azure-deployment.md for CI/CD deployment with GitHub Actions.
Security
Encrypted storage: all Microsoft tokens encrypted at rest with AES-256
No client secrets: uses public client flow (PKCE) for desktop authentication
Token isolation: each user's tokens stored separately with different encryption keys
Rate limiting: built-in rate limiting protects against abuse
CORS protection: origin allowlist in production
Session expiry: sessions expire after 24 hours
Production Checklist
Set
NODE_ENV=productionSet
DEVICE_REGISTRY_ENCRYPTION_KEY(32 bytes)Set
JWT_SECRET(strong random string)Set
CORS_ALLOWED_ORIGINSUse HTTPS with a valid certificate
Project Structure
MCP-Microsoft-Office/
├── mcp-adapter.cjs MCP protocol adapter (runs locally)
├── src/
│ ├── api/ Express routes and controllers
│ ├── auth/ MSAL authentication
│ ├── core/ Services (cache, storage, tools)
│ ├── graph/ Microsoft Graph API services
│ └── modules/ Feature modules (mail, calendar, etc.)
├── public/ Web UI
└── tests/ E2E test suite (gitignored)Contributing
Fork the repository
Create a feature branch
Make your changes
Submit a pull request
License
MIT License -- see LICENSE file.