playbooks

home / mcp / ms graph mcp server

MS Graph MCP Server

Provides access to Microsoft Graph user profiles via MCP, enabling readUserProfile actions against local MCP clients.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "kevinbellinger-mcp-msgraph": {
      "url": "http://localhost:8000/mcp"
    }
  }
}

This MCP server connects to user profile data stored in Microsoft Graph, enabling you to query profile details through a consistent MCP interface. It demonstrates how to bridge MCP with data sources in Microsoft Graph and retrieve user context that can drive downstream applications and plugins.

How to use

You interact with the server through an MCP client that sends actions to the MCP endpoint. The server exposes an action you can request to read a user profile, returning a structured profile object that includes user principal details and related source data. Use your MCP client to issue a readUserProfile action against the server’s /mcp endpoint and supply a contextId to correlate requests. The server returns a response indicating the action, context, and the retrieved data so your client can render or further process the profile information in your application.

How to install

# prerequisites: Python 3.11+ and a shell

# 1) Create a project folder and navigate into it
mkdir mcp-msgraph
cd mcp-msgraph

# 2) Create a virtual environment
python3 -m venv venv
source venv/bin/activate

# 3) Install required packages
pip install fastapi uvicorn requests requests-oauthlib pydantic

# 4) Open the main application file and configure credentials
# Replace placeholders with your Azure AD App (client) ID, Tenant ID, and Client Secret in main.py

# 5) Start the MCP server
uvicorn main:app --reload
```} ,{

Additional content

Prerequisites and setup include Python and a virtual environment. You will implement an Azure AD application to access Microsoft Graph and grant the User.Read.All permission with admin consent. After configuring your Azure AD app, run the server locally and connect to it using an MCP client to perform actions such as readUserProfile. When you start the server with uvicorn, it serves requests on http://127.0.0.1:8000, and the MCP endpoint is accessible at /mcp (for example, http://localhost:8000/mcp). Ensure your client handles authentication tokens as required by the Graph API integration.

Security and maintenance notes

Keep your Azure AD credentials secure and never commit the Client Secret to source control. Use environment-specific configurations or secret management to provide App ID, Tenant ID, and Client Secret to the server at runtime. Regularly rotate credentials and review permissions granted to the Graph API to minimize access risk.