Microsoft Graph MCP Server

How to use

You interact with the MCP server through a client that supports MCP endpoints. After you configure the server, you can tell Claude to create users, assign licenses, add users to groups, and look up information about people or groups. Use natural language prompts such as creating a new user, listing licenses, or adding a user to a specific group. The A2A capability enables agents to coordinate these actions automatically as part of onboarding or maintenance workflows.

How to install

Prerequisites you need before installing the MCP server arePython 3.10 or newer and the uv package manager.

# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows
powershell -c "irm https://astral.sh/uv/install.ps1 | iex"

Create a workspace for the MCP server and prepare the environment.

# Create project directory
mkdir microsoft-graph-mcp
cd microsoft-graph-mcp

# Copy server files mcp_graph_server.py and pyproject.toml to this directory

# Create virtual environment and install dependencies
uv venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
uv pip install -e .

Configure the required environment variables for Microsoft Graph access in a file named .env at the project root.

MICROSOFT_TENANT_ID=your-tenant-id
MICROSOFT_CLIENT_ID=your-client-id
MICROSOFT_CLIENT_SECRET=your-client-secret

Configure Claude Desktop

Add the MCP server configuration to your Claude Desktop configuration so Claude can start and talk to the MCP server.

{
  "mcpServers": {
    "microsoft-graph": {
      "command": "uv",
      "args": [
        "--directory",
        "/absolute/path/to/microsoft-graph-mcp",
        "run",
        "mcp_graph_server.py"
      ],
      "env": {
        "MICROSOFT_TENANT_ID": "your-tenant-id",
        "MICROSOFT_CLIENT_ID": "your-client-id",
        "MICROSOFT_CLIENT_SECRET": "your-client-secret"
      }
    }
  }
}

Restart Claude Desktop

After saving the configuration, restart Claude Desktop to load the MCP server.

Usage notes

Once configured, you can ask Claude to create users, assign licenses, and manage group memberships. For example, you can request to provision a new user with a display name, email, and password, ask to list available license SKUs, or command Claude to add a user to a specific group. You can also query for user details or search for users by name.

Security considerations

Never commit the .env file to version control. Store client secrets securely and rotate them periodically. Grant the minimal required permissions for the Azure app and monitor API usage in the Azure Portal.

Troubleshooting

If you encounter authentication errors, verify the credentials in the environment, ensure admin consent for all API permissions, and check that the client secret is not expired. For permission errors, confirm the app has the correct API permissions and that they are application permissions, not delegated. If the MCP server does not load in Claude Desktop, verify the absolute path to your project directory, ensure uv is installed, and examine Claude Desktop logs for errors.

Development

To run tests and keep code quality high, use the following commands to install development dependencies and run tests, then format and lint the code.

uv pip install -e ".[dev]"
pytest

Notes on licenses and endpoints

Common Microsoft 365 license SKUs are exposed by the server tools. Use list operations to discover the exact SKU IDs available in your tenant.

create_user

Provision a new Microsoft 365 user with display name, email, password, and optional settings.

assign_license

Assign a Microsoft 365 license to a user, with optional service plan customization.

add_user_to_group

Add an existing user to a specified Microsoft 365 group.

list_available_licenses

List all license SKUs available for assignment in the tenant.

list_groups

List all groups in the tenant.

get_user

Retrieve detailed information about a specific user.

search_user

Search for users by name or email pattern.