Entra Permissions MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| PORT | No | HTTP port for the streamable HTTP transport. | 3000 |
| ENTRA_DATA_DIR | No | Override the local fallback directory (defaults to data/). | data/ |
| ENTRA_DATA_BASE_URL | No | Override the remote base URL (defaults to the jsDelivr CDN path). Set to an empty string to disable remote fetching. | https://cdn.jsdelivr.net/gh/mjendza/entra-id-permissions-mcp@main/data/ |
| ENTRA_DATA_LOCAL_ONLY | No | Set to any value to skip the network entirely and read local files. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| resources | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| search_graph_application_permissionsA | Search Microsoft Graph Application permissions (app roles) by keyword across the scope Value, DisplayName, and Description. Application permissions grant app-only (no signed-in user) access. |
| search_graph_delegated_permissionsA | Search Microsoft Graph Delegated permissions (oauth2 scopes) by keyword across the scope Value and the admin/user consent display names and descriptions. Optionally filter by consent Type (Admin or User). |
| get_permissionA | Exact lookup of a Graph permission by its scope Value (e.g. 'User.Read.All') or its GUID Id. Searches Application and/or Delegated datasets. A scope can exist in both, so matches from each dataset are returned. Provide either value or id. |
| search_microsoft_appsA | Search Microsoft first-party applications by display name or AppId. Returns a summary (without the full AppRoles array); use get_microsoft_app for an app's roles. |
| get_microsoft_appA | Return the full record for a single Microsoft first-party app, including all of its exposed AppRoles, looked up by exact AppId (GUID). |
| search_app_rolesA | Search the app roles exposed by all Microsoft first-party apps by keyword (role Value, DisplayName, or Description). Each result includes the owning app's AppId and AppDisplayName — useful to find which app exposes a given role. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| graph-application-permissions | Full Microsoft Graph Application permissions dataset (app roles). |
| graph-delegated-permissions | Full Microsoft Graph Delegated permissions dataset (oauth2 scopes). |
| microsoft-apps | Full Microsoft first-party apps dataset with their exposed app roles. |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mjendza/entra-id-permissions-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server