Microsoft 365 MCP Server
A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Microsoft Office services through the Graph API.
- Node.js >= 14
- Authentication via Microsoft Authentication Library (MSAL)
- Excel file operations
- Calendar event management
- Mail operations
- OneDrive file management
- OneNote notebooks and pages
- To Do tasks and task lists
- Planner plans and tasks
- Outlook contacts
Test login in Claude Desktop:
To add this MCP server to Claude Desktop:
Edit the config file under Settings > Developer:
{
"mcpServers": {
"ms365": {
"command": "npx",
"args": ["-y", "@softeria/ms-365-mcp-server"]
}
}
}claude mcp add ms365 -- npx -y @softeria/ms-365-mcp-serverFor other interfaces that support MCPs, please refer to their respective documentation for the correct integration method.
⚠️ You must authenticate before using tools.
The server supports two authentication methods:
For interactive authentication via device code:
- MCP client login:
- Call the
logintool (auto-checks existing token) - If needed, get URL+code, visit in browser
- Use
verify-logintool to confirm
- Call the
- CLI login:
Follow the URL and code prompt in the terminal.
npx @softeria/ms-365-mcp-server --login
Tokens are cached securely in your OS credential store (fallback to file).
When running with --http, the server requires OAuth authentication:
npx @softeria/ms-365-mcp-server --http 3000This mode:
- Advertises OAuth capabilities to MCP clients
- Provides OAuth endpoints at
/auth/*(authorize, token, metadata) - Requires
Authorization: Bearer <token>for all MCP requests - Validates tokens with Microsoft Graph API
- Disables login/logout tools by default (use
--enable-auth-toolsto enable them)
MCP clients will automatically handle the OAuth flow when they see the advertised capabilities.
Note: HTTP mode requires authentication. For unauthenticated testing, use stdio mode with device code flow.
Authentication Tools: In HTTP mode, login/logout tools are disabled by default since OAuth handles authentication. Use
--enable-auth-toolsif you need them available.
The following options can be used when running ms-365-mcp-server directly from the command line:
--login Login using device code flow
--logout Log out and clear saved credentials
--verify-login Verify login without starting the server
When running as an MCP server, the following options can be used:
-v Enable verbose logging
--read-only Start server in read-only mode, disabling write operations
--http [port] Use Streamable HTTP transport instead of stdio (optionally specify port, default: 3000)
Starts Express.js server with MCP endpoint at /mcp
--enable-auth-tools Enable login/logout tools when using HTTP mode (disabled by default in HTTP mode)
--enabled-tools <pattern> Filter tools using regex pattern (e.g., "excel|contact" to enable Excel and Contact tools)
Environment variables:
READ_ONLY=true|1: Alternative to --read-only flagENABLED_TOOLS: Filter tools using regex pattern (alternative to --enabled-tools flag)LOG_LEVEL: Set logging level (default: 'info')SILENT=true: Disable console outputMS365_MCP_CLIENT_ID: Custom Azure app client ID (defaults to built-in app)MS365_MCP_TENANT_ID: Custom tenant ID (defaults to 'common' for multi-tenant)
If you're having problems or need help:
- Create an issue
- Start a discussion
- Email: eirikb@eirikb.no
- Discord: https://discord.gg/WvGVNScrAZ or @eirikb
MIT © 2025 Softeria