Secure, delegated access to Microsoft 365 services for AI models
m365-mcp-server
A production-ready MCP (Model Context Protocol) server for Microsoft 365, providing secure access to Email, SharePoint, and OneDrive through Azure AD/Entra ID authentication with OAuth 2.1 + PKCE.
Features
- Email Access: List folders, search messages, read email content (including shared mailboxes)
- Calendar Access: List calendars, browse events, expand recurring events with date ranges
- SharePoint/OneDrive: Browse sites, drives, folders, and read file content
- Document Parsing: Extracts readable text from PDF, Word, Excel, PowerPoint, CSV, and HTML files
- OAuth 2.1 + PKCE: Secure authentication via Azure AD/Entra ID
- Delegated Permissions: Users access only their authorized content
- Open WebUI Compatible: Works with native MCP or MCPO proxy
- Production Ready: Docker support, security hardening, structured audit logging
- Token Revocation: RFC 7009 compliant token revocation endpoint
Quick Start
1. Azure AD Setup
Follow docs/entra-app-registration.md to create an Azure AD app registration with these permissions:
- openid, offline_access (OIDC)
- User.Read, Mail.Read, Mail.Read.Shared, Files.Read, Sites.Read.All, Calendars.Read (Microsoft Graph)
2. Configuration
Create a .env file:
```bash
# Azure AD / Entra ID (required)
AZURE_CLIENT_ID=your-client-id
AZURE_CLIENT_SECRET=your-client-secret
AZURE_TENANT_ID=your-tenant-id
# Server
MCP_SERVER_PORT=3000
MCP_SERVER_BASE_URL=http://localhost:3000
# Run `openssl rand -hex 32` in a shell and paste the output here.
# .env loaders such as dotenv do not evaluate $(...), so the command
# text itself would otherwise become the secret.
SESSION_SECRET=<output of openssl rand -hex 32>
# Optional
LOG_LEVEL=info
REDIS_URL=redis://localhost:6379
# OAuth signing keys (required in production)
# OAUTH_SIGNING_KEY_PRIVATE=<base64-encoded PEM>
# OAUTH_SIGNING_KEY_PUBLIC=<base64-encoded PEM>
```
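A pre-flight check for the variables in this .env, as an added example that is not part of the project's code: it flags leftover placeholders, a SESSION_SECRET that still holds unevaluated `$(...)` text because the loader is not a shell, and missing production signing keys. `validateEnv` and `decodesToPem` are hypothetical names, and the 64-hex-character and https rules are assumptions.

```javascript
// Added example: validateEnv and decodesToPem are hypothetical helpers,
// not part of m365-mcp-server. Variable names come from the .env above.
const PLACEHOLDERS = new Set(['your-client-id', 'your-client-secret', 'your-tenant-id']);

// True if value is base64 that decodes to a PEM block ending in `label`.
// Checks framing only; it does not parse or validate the key itself.
function decodesToPem(value, label) {
  if (!/^[A-Za-z0-9+\/=\s]+$/.test(value || '')) return false;
  const text = Buffer.from(value, 'base64').toString('utf8').trim();
  const pem = new RegExp(
    `^-----BEGIN [A-Z ]*${label}-----[\\s\\S]+-----END [A-Z ]*${label}-----$`);
  return pem.test(text);
}

function validateEnv(env, { production = false } = {}) {
  const problems = [];
  for (const name of ['AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET', 'AZURE_TENANT_ID']) {
    if (!env[name] || PLACEHOLDERS.has(env[name])) {
      problems.push(`${name} is missing or still a placeholder`);
    }
  }
  const secret = env.SESSION_SECRET || '';
  if (secret.includes('$(')) {
    // The loader stored the command text itself, a value anyone can guess.
    problems.push('SESSION_SECRET holds unevaluated $(...) text');
  } else if (!/^[0-9a-f]{64}$/i.test(secret)) {
    // Assumption: the secret is the 64 hex chars printed by `openssl rand -hex 32`.
    problems.push('SESSION_SECRET is not 64 hex characters');
  }
  if (production) {
    if (!decodesToPem(env.OAUTH_SIGNING_KEY_PRIVATE, 'PRIVATE KEY')) {
      problems.push('OAUTH_SIGNING_KEY_PRIVATE is not a base64-encoded PEM private key');
    }
    if (!decodesToPem(env.OAUTH_SIGNING_KEY_PUBLIC, 'PUBLIC KEY')) {
      problems.push('OAUTH_SIGNING_KEY_PUBLIC is not a base64-encoded PEM public key');
    }
    // Assumption: a production base URL is served over TLS.
    if (!/^https:\/\//i.test(env.MCP_SERVER_BASE_URL || '')) {
      problems.push('MCP_SERVER_BASE_URL is not https');
    }
  }
  return problems;
}

// Constructed sample: values copied with shell syntax the loader did not evaluate.
const sample = { AZURE_CLIENT_ID: 'your-client-id', AZURE_CLIENT_SECRET: 's3cret',
  AZURE_TENANT_ID: 'contoso', SESSION_SECRET: '$(openssl rand -hex 32)',
  MCP_SERVER_BASE_URL: 'http://localhost:3000' };
console.log(validateEnv(sample, { production: true }).join('\n'));
```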
3. Run Locally
```bash
# Install dependencies
npm install
# Development mode
npm run dev
# Production build
npm run build
npm start
```
4. Authenticate
- Open http://localhost:3000/auth/login in a browser
- Sign in with your Microsoft 365 account
- Note the session ID returned after login
Docker Deployment
Basic
```bash
cd docker
docker-compose up -d m365-mcp-server redis
```
With Open WebUI
```bash
cd docker
docker-compose --profile with-webui up -d
```
With MCPO Proxy
```bash
cd docker
docker-compose --profile with-mcpo up -d
```
Open WebUI Integration
Option A: Native MCP (Recommended)
- In Open WebUI, go to Admin Settings > Tools
- Add MCP Server:
  ```json
  { "url": "http://localhost:3000/mcp", "transport": "streamable-http" }
  ```
- Complete OAuth login when prompted
Option B: Via MCPO Proxy
- Start MCPO with the provided config:
  ```bash
  mcpo --config docker/mcpo-config.json --port 8000
  ```
- In Open WebUI, add as OpenAPI Tool: http://localhost:8000/openapi.json
MCP Tools
Email Tools
| Tool | Description |
|---|---|
| mail_list_messages | List messages with optional filters (supports shared mailboxes) |
| mail_get_message | Get full message details with body (HTML→text), CC/BCC, and attachment metadata |
| mail_list_folders | List mail folders or subfolders (supports shared mailboxes) |
| mail_get_attachment | Read and parse email attachments (PDF, Word, Excel, PowerPoint, CSV, HTML→text). Max 20MB |
All email tools accept an optional mailbox parameter (email address or user ID) to access shared mailboxes. Omit to use your personal mailbox. Requires Mail.Read.Shared permission with admin consent.
SharePoint/OneDrive Tools
| Tool | Description |
|---|---|
| sp_list_sites | Search and list SharePoint sites |
| sp_list_drives | List drives (OneDrive/document libraries) |
| sp_list_children | List folder contents |
| sp_get_file | Get file content with automatic document parsing (PDF, Word, Excel, PowerPoint → text). Max 20MB |
OneDrive Tools
| Tool | Description |
|---|---|
| od_my_drive | Get personal OneDrive info including drive ID and storage quota |
| od_list_files | List files and folders in personal OneDrive (root or subfolder) |
| od_get_file | Get file content by item_id with automatic document parsing (PDF, Word, Excel, PowerPoint). Max 20MB |
| od_search | Search for files in personal OneDrive only |
| od_recent | List recently accessed files |
| od_shared_with_me | List files shared with you by others |
Calendar Tools
| Tool | Description |
|---|---|
| cal_list_calendars | List all calendars with metadata |
| cal_list_events | List events with optional date range (expands recurring events) |
| cal_get_event | Get full event details including body/description |
Requires Calendars.Read permission (no admin consent needed). Provide start_date and end_date to expand recurring events into individual occurrences.
API Endpoints
| Endpoint | Method | Description |
|---|
Tools (17)
- mail_list_messages: List messages with optional filters including shared mailboxes
- mail_get_message: Get full message details with body and attachment metadata
- mail_list_folders: List mail folders or subfolders
- mail_get_attachment: Read and parse email attachments
- sp_list_sites: Search and list SharePoint sites
- sp_list_drives: List drives for SharePoint sites
- sp_list_children: List folder contents in SharePoint
- sp_get_file: Get file content with automatic document parsing
- od_my_drive: Get personal OneDrive info
- od_list_files: List files and folders in personal OneDrive
- od_get_file: Get file content by item_id
- od_search: Search for files in personal OneDrive
- od_recent: List recently accessed files
- od_shared_with_me: List files shared with you
- cal_list_calendars: List all calendars with metadata
- cal_list_events: List events with optional date range
- cal_get_event: Get full event details

Environment Variables
- AZURE_CLIENT_ID (required): Azure AD Client ID
- AZURE_CLIENT_SECRET (required): Azure AD Client Secret
- AZURE_TENANT_ID (required): Azure AD Tenant ID
- MCP_SERVER_PORT: Port for the server
- SESSION_SECRET (required): Secret for session management
- REDIS_URL: Redis connection string

Configuration
```json
{"url": "http://localhost:3000/mcp", "transport": "streamable-http"}
```