Microsoft Entra MCP Server

Official Microsoft-hosted MCP server that turns natural language into Microsoft Graph API calls for read-only access to Microsoft Entra identity and directory data.

Overview

The Microsoft MCP Server for Enterprise is an officially hosted remote MCP server that lets AI agents query Microsoft Entra (Azure AD) identity and directory data through natural language. Instead of exposing one tool per Graph API operation, it ships three general-purpose tools that use retrieval and few-shot prompting to generate the right Microsoft Graph calls for the user's intent, then execute them with the caller's delegated permissions, so the server never returns data the signed-in user could not read directly through Graph.

The server runs at https://mcp.svc.cloud.microsoft/enterprise and is aimed at IT administrators, security engineers, and identity developers who want to investigate identity posture, role assignments, conditional access, application risk, sign-in and audit logs, device compliance, and license usage from clients like Claude, ChatGPT, VS Code, GitHub Copilot CLI, Microsoft Copilot Studio, and Microsoft Foundry.

This is currently a public preview, read-only service. Write operations and sovereign cloud support are listed as planned. It does not require additional licensing on top of existing Microsoft Entra and Microsoft Graph entitlements, but data scope is gated by the user's role and the licenses the tenant already owns (for example, Entra ID P2 for PIM data).

Tools

  • microsoft_graph_suggest_queries: identifies relevant Microsoft Graph API calls based on the user's natural language intent.
  • microsoft_graph_get: executes a read-only Microsoft Graph API call, enforcing the caller's roles and delegated scopes.
  • microsoft_graph_list_properties: returns the properties available on a specific Microsoft Graph entity so the model can construct accurate follow-up queries.

Setup Guide

Prerequisites

  • A Microsoft Entra tenant where you can grant admin consent
  • PowerShell 7+ and the Microsoft.Entra.Beta module (v1.0.13 or later) for VS Code / Copilot CLI flows
  • Appropriate Entra licenses for the data you want to query (for example Entra ID P2 for PIM)

One-time tenant provisioning

  1. In Graph Explorer, provision the MCP service principal:

    POST https://graph.microsoft.com/v1.0/servicePrincipals
    Content-Type: application/json
    
    { "appId": "e8c77dc2-69b3-43f4-bc51-3213c9d915b4" }
    
  2. Register an MCP Client application in your tenant with the redirect URI for the client you plan to use.

  3. Grant MCP permissions between the server and your client app:

    Install-Module Microsoft.Entra.Beta -Force -AllowClobber
    Connect-Entra -Scopes 'Application.ReadWrite.All','DelegatedPermissionGrant.ReadWrite.All'
    Grant-EntraBetaMCPServerPermission -ApplicationName VisualStudioCode
    

Claude Desktop

Register a custom connector under Settings → Apps → Create App with redirect URI https://claude.ai/api/mcp/auth_callback and the following configuration:

{
  "name": "Microsoft MCP Server for Enterprise",
  "type": "http",
  "url": "https://mcp.svc.cloud.microsoft/enterprise",
  "auth": {
    "type": "oauth2",
    "client_id": "<YOUR_REGISTERED_APP_ID>",
    "auth_url": "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize",
    "token_url": "https://login.microsoftonline.com/organizations/oauth2/v2.0/token",
    "redirect_uri": "https://claude.ai/api/mcp/auth_callback",
    "scopes": ["api://e8c77dc2-69b3-43f4-bc51-3213c9d915b4/.default"]
  }
}

GitHub Copilot CLI (custom app)

Add to ~/.copilot/mcp-config.json and set the redirect URI on your app to http://127.0.0.1:51001:

{
  "mcp-enterprise": {
    "type": "http",
    "url": "https://mcp.svc.cloud.microsoft/enterprise",
    "oauthClientId": "<REGISTERED_APP_CLIENT_ID>",
    "oauthPublicClient": true
  }
}

VS Code

After running the PowerShell grant above, use the install link in the repo and authenticate with tenant credentials. The MCP endpoint is the same https://mcp.svc.cloud.microsoft/enterprise.
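The client configurations above describe a public OAuth2 client (no client secret, no Dynamic Client Registration) authenticating against the Entra v2.0 endpoints. As an added example that is not code from the page or from Microsoft, the following shows the authorization-code flow with PKCE and a state check that such a client performs before it can call the MCP endpoint; it reuses the authorize/token URLs, scope, and Copilot CLI redirect URI listed above, and assumes the server accepts a standard authorization-code + PKCE exchange (an assumption, not something the page states). The token exchange itself is built but not sent, so the block runs offline.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Values taken from the client configurations on this page.
AUTH_URL = "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize"
TOKEN_URL = "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"
SCOPE = "api://e8c77dc2-69b3-43f4-bc51-3213c9d915b4/.default"
REDIRECT_URI = "http://127.0.0.1:51001"  # Copilot CLI redirect URI from the page


def new_verifier() -> str:
    """Random PKCE code_verifier (43 URL-safe chars, RFC 7636 section 4.1)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge: BASE64URL(SHA-256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(client_id: str, verifier: str, state: str) -> str:
    """Authorization request a public client opens in the browser."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,                      # bound to this session, checked on return
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTH_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the code from the loopback redirect, rejecting a wrong state or an error."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this login attempt")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    return query["code"][0]


def token_request_body(client_id: str, code: str, verifier: str) -> dict:
    """Form body to POST to TOKEN_URL; a public client sends the verifier, not a secret."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
        "scope": SCOPE,
    }
```

The resulting access token is sent as a Bearer token to https://mcp.svc.cloud.microsoft/enterprise; because the scope is the server's own app ID URI, the token is audience-bound to the MCP server rather than to Microsoft Graph directly.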

Rate limits

  • 100 requests per minute per user, plus standard Microsoft Graph throttling.

Use Cases

  • Audit privileged access: list directory role assignments, eligible PIM principals, and Conditional Access policies that exempt admin accounts.
  • Investigate sign-ins and audit logs for a specific user or app, including risky sign-ins and consent grants.
  • Triage application risk by enumerating app registrations, owners, redirect URIs, and permission grants.
  • Run access governance checks for joiner / mover / leaver scenarios, including group memberships and license assignments.
  • Optimize licensing by querying assigned vs available SKUs and surfacing underused licenses across the tenant.

Example Prompts

  • "List all users assigned the Global Administrator role and show which ones do not have phishing-resistant MFA."
  • "Which Conditional Access policies exclude break-glass accounts, and when were they last modified?"
  • "Show the top 10 applications by number of risky sign-ins in the last 7 days."
  • "Find guest users in the tenant who have not signed in for 90 days and list their group memberships."
  • "Summarize Microsoft 365 E5 license usage and identify users who could be downgraded."

Pros

  • Officially built and hosted by Microsoft, no self-hosting or container to run.
  • Uses delegated permissions, so queries always respect the caller's roles, scopes, and Conditional Access.
  • Covers a wide surface of Microsoft Entra through Microsoft Graph using just three tools, which keeps the agent context small.
  • Works across Claude, ChatGPT, VS Code, GitHub Copilot CLI, Copilot Studio, and Microsoft Foundry.

Limitations

  • Public preview and read-only: no write or remediation actions are supported yet.
  • No Dynamic Client Registration; every MCP client needs its own registered app and admin-granted MCP scopes in the tenant.
  • Public cloud only at launch, with sovereign clouds (Gov, China, etc.) listed as future work.