# Microsoft Mcps > Microsoft Outlook (mail) MCP server — read, search, and send email through Microsoft Graph. - **Type:** MCP server - **Install:** `agentstack add mcp-0xka13b-microsoft-mcps` - **Verified:** Yes — security-reviewed for prompt injection and unsafe behavior - **Seller:** [0xka13b](https://agentstack.voostack.com/s/0xka13b) - **Installs:** 0 - **Category:** [AI & ML](https://agentstack.voostack.com/c/ai-and-ml) - **Latest version:** 1.0.1 - **License:** MIT - **Upstream author:** [0xka13b](https://github.com/0xka13b) - **Source:** https://github.com/0xka13b/microsoft-mcps ## Install ```sh agentstack add mcp-0xka13b-microsoft-mcps ``` Requires the [AgentStack CLI](https://agentstack.voostack.com/docs/cli). Works with Claude Code, Cursor, and any MCP-compatible agent. ## About          Microsoft MCP Model Context Protocol servers for Microsoft 365. Calendar · Contacts · OneDrive · Outlook · SharePoint — on the official @modelcontextprotocol/sdk, over stdio or Streamable HTTP. [](https://github.com/0xka13b/microsoft-mcps/actions/workflows/ci.yml) [](https://github.com/0xka13b/microsoft-mcps/actions/workflows/ci.yml) [](LICENSE) Each server speaks the real MCP protocol and runs over **either transport**: - **stdio** — for local MCP clients that launch the server as a subprocess (Claude Desktop, IDEs, the MCP Inspector). - **Streamable HTTP** — for remote/hosted use, with the Microsoft Graph access token supplied per request via `Authorization: Bearer`. ## Servers | | Server | npm package (and binary) | Tools | | :-: | ----------- | ------------------------- | ----: | | | Calendar | `ms-calendar-mcp` | 9 | | | Contacts | `ms-contacts-mcp` | 7 | | | OneDrive | `ms-onedrive-mcp` | 9 | | | Outlook | `microsoft-outlook-mcp` | 14 | | | SharePoint | `ms-sharepoint-mcp` | 23 | All tools are thin wrappers over the [Microsoft Graph](https://learn.microsoft.com/graph/) `v1.0` API. ## Layout ``` microsoft-mcp/ ├── apps/ # one MCP server per Microsoft 365 product │ ├── calendar/ │ ├── contacts/ │ ├── onedrive/ │ ├── outlook/ │ └── sharepoint/ │ └── src/ │ ├── tools.ts # declarative tool definitions (schema + handler) │ └── index.ts # run({ name, version }, tools) └── packages/ # shared building blocks ├── core/ # MCP server bootstrap + dual transport (stdio / HTTP) ├── graph/ # Microsoft Graph HTTP client ├── validation/ # id / path / query sanitizers └── logger/ # structured JSON logging (stderr-only — stdio-safe) ``` A server is just a list of tools handed to `run()`: ```ts // apps/calendar/src/index.ts import { run } from "@microsoft-mcp/core"; import { tools } from "./tools.js"; void run({ name: "microsoft-calendar", version: "1.0.0", title: "Microsoft Calendar" }, tools); ``` ```ts // a single tool defineTool({ name: "get_event", description: "Get a single calendar event by ID.", inputSchema: { event_id: z.string().describe("Event ID") }, confirmationPolicy: "never", handler: ({ graph }, { event_id }) => { validateId(event_id, "event_id"); return graph.request("GET", `/me/events/${event_id}`); }, }); ``` `confirmationPolicy` (`"always"` for mutating/destructive tools, `"never"` for read-only) is surfaced to clients as MCP `readOnlyHint` / `destructiveHint` annotations. ## Requirements - Node.js >= 20 - pnpm 10 (`corepack enable`) ## Setup ```bash pnpm install pnpm build # build all servers (turbo) -> apps/*/dist/index.js pnpm check-types # typecheck everything ``` ## Tests & CI ```bash pnpm test # run the vitest suite once pnpm test:watch # watch mode pnpm test:coverage # run with a v8 coverage report (-> coverage/) ``` Tests live next to the code as `*.test.ts` and run on TypeScript source directly (no build step). The shared `packages/*` are covered by unit and integration tests — including a full Streamable-HTTP round-trip against a live server — and CI enforces a coverage floor on them. Each `apps/*` server ships an invariant suite that locks its tool surface (unique snake_case names, valid schemas and confirmation policies). Every push and pull request to `master` runs [CI](.github/workflows/ci.yml): typecheck → build → tests with coverage. The coverage badge is regenerated from the run. ## Authentication You sign in **once** with your Microsoft account; the server then caches a refresh token and acquires access tokens silently from then on — no pasting, no 1-hour expiry. Sign-in uses your own [Microsoft Entra ID](https://learn.microsoft.com/entra/identity-platform/quickstart-register-app) app registration (free) so the servers act on your behalf. ### 1. Register an Entra ID app (one time) 1. [Azure Portal](https://portal.azure.com) → **Microsoft Entra ID** → **App registrations** → **New registration**. Name it anything; pick the **Supported account types** that fit (single-tenant, multi-tenant, and/or personal accounts). 2. **Authentication** → **Add a platform** → **Mobile and desktop applications** → add redirect URI **`http://localhost`**, and set **Allow public client flows** to **Yes** (enables the `--device-code` fallback). 3. **API permissions** → **Add a permission** → **Microsoft Graph** → **Delegated permissions** → add the scopes for the servers you use (then **Grant admin consent** if your tenant requires it): | Server | Delegated scopes | | --- | --- | | Calendar | `Calendars.ReadWrite` | | Contacts | `Contacts.ReadWrite` | | OneDrive | `Files.ReadWrite.All` | | Outlook | `Mail.ReadWrite`, `Mail.Send` | | SharePoint | `Sites.ReadWrite.All` | All servers also use `User.Read`. (`offline_access` is requested automatically for refresh.) 4. Copy the **Application (client) ID**. ### 2. Sign in (one time per machine) Set `MICROSOFT_CLIENT_ID`, then run the server's **`login`** command. A browser opens; after you consent, the token is cached under `~/.config/microsoft-mcp/`: ```bash export MICROSOFT_CLIENT_ID= npx -y ms-calendar-mcp login # opens the browser npx -y ms-calendar-mcp login --device-code # headless: shows a code to enter ``` From then on the server refreshes tokens automatically. Use a non-default tenant with `MICROSOFT_TENANT_ID` (default `common`). ### Advanced: supply your own token To bypass the built-in flow, supply a pre-acquired Graph token directly: - **stdio:** set `MICROSOFT_ACCESS_TOKEN` (takes precedence over the cached sign-in). Good for quick tests — mint one with `az account get-access-token --resource https://graph.microsoft.com --query accessToken -o tsv`. - **HTTP:** send `Authorization: Bearer ` on each `POST /mcp` request. Each request is stateless with its own token, so callers never share credentials — this is the model for hosted/remote deployments, which handle their own auth. ## Running ### stdio (e.g. Claude Desktop) Each server is published to npm and runnable with `npx` — no clone or build. Sign in once first (`npx -y ms-calendar-mcp login`, see [Authentication](#authentication)), then: ```jsonc // claude_desktop_config.json { "mcpServers": { "microsoft-calendar": { "command": "npx", "args": ["-y", "ms-calendar-mcp"], "env": { "MICROSOFT_CLIENT_ID": "" } } } } ``` Or point at a local build instead of npm: ```jsonc { "command": "node", "args": ["/abs/path/microsoft-mcp/apps/calendar/dist/index.js"], "env": { "MICROSOFT_CLIENT_ID": "" } } ``` During development you can skip the build and run the TypeScript directly: ```bash MICROSOFT_ACCESS_TOKEN= pnpm --filter ms-calendar-mcp dev ``` ### Streamable HTTP ```bash # build first, then: PORT=3000 node apps/calendar/dist/index.js --http # or, in dev: pnpm --filter ms-calendar-mcp dev -- --http --port 3000 ``` The server exposes `POST /mcp` (the MCP endpoint) and `GET /healthz`. Point any Streamable-HTTP MCP client at `http://localhost:3000/mcp` with an `Authorization: Bearer` header. ## Transport selection Resolved in this order: `--stdio` / `--http` flag → `MCP_TRANSPORT=stdio|http` → default `stdio`. HTTP port: `--port ` → `PORT` → `3000`. ## Environment variables | Variable | Used by | Description | | ------------------------- | ------- | ------------------------------------------------------------------- | | `MICROSOFT_CLIENT_ID` | stdio | Entra ID app (client) ID for sign-in. Required for the `login` flow. | | `MICROSOFT_TENANT_ID` | stdio | Tenant for sign-in: `common` (default), `organizations`, `consumers`, or a tenant ID. | | `MICROSOFT_ACCESS_TOKEN` | stdio | Pre-acquired Graph token; overrides the cached sign-in when set. | | `MICROSOFT_MCP_CACHE_DIR` | stdio | Override the token-cache directory (default `~/.config/microsoft-mcp`). | | `MCP_TRANSPORT` | both | `stdio` (default) or `http`. | | `PORT` | http | Listen port (default `3000`). | | `MCP_HTTP_BODY_LIMIT` | http | Max request body size (default `50mb`) for base64 uploads. | | `MCP_DEBUG` | both | Any non-empty value enables debug logs (to stderr). | ## Source & license This open-source MCP server is cataloged on AgentStack and links to its original source — we do not rehost the code. - **Author:** [0xka13b](https://github.com/0xka13b) - **Source:** [0xka13b/microsoft-mcps](https://github.com/0xka13b/microsoft-mcps) - **License:** MIT Install and usage instructions live in the source repository linked above. ## Pricing - **Free** — Free ## Versions - **1.0.1** — security scan: passed — Imported from the upstream source. ## Links - Listing page: https://agentstack.voostack.com/l/mcp-0xka13b-microsoft-mcps - Seller: https://agentstack.voostack.com/s/0xka13b - Browse the marketplace: https://agentstack.voostack.com/browse --- Listed on AgentStack — the marketplace for AI agent skills and MCP servers. Every listing is security-reviewed. Creators keep 70%.