Microsoft Enterprise

Official MCP server, published by microsoft

Connects AI agents to Microsoft Entra identity data by translating natural language queries into Microsoft Graph API calls. Requires Entra admin privileges for initial tenant setup.

Query Microsoft Entra identity data using natural language


What it does

  • Query Microsoft Entra identity data with natural language
  • Convert natural language to Microsoft Graph API calls
  • Access organizational user and group information
  • Integrate Entra data into AI workflows
  • Manage identity data through conversational interface

Best for

  • IT administrators managing organizational identities
  • Developers building AI-powered enterprise tools
  • Enterprise automation workflows requiring identity data

  • Public preview from Microsoft
  • Requires Entra admin privileges for setup
  • Built on Model Context Protocol

About Microsoft Enterprise

Microsoft Enterprise is an official MCP server published by microsoft that provides AI assistants with tools and capabilities via the Model Context Protocol. Query Microsoft Entra identity data with natural language using Microsoft Enterprise — fast, secure answers for IAM insi
It is categorized under cloud infrastructure and auth security.

How to install

You can install Microsoft Enterprise in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server supports remote connections over HTTP, so no local installation is required.

License

Microsoft Enterprise is released under the CC-BY-4.0 license.

Microsoft MCP Server for Enterprise


Overview

Built on the open Model Context Protocol, the public preview of Microsoft MCP Server for Enterprise lets AI agents access Microsoft Entra data by converting natural language queries into Microsoft Graph API calls. It lets developers and IT administrators bring organizational identity data into AI-powered workflows.

Full Documentation: Overview of Microsoft MCP Server for Enterprise

MCP Server Provisioning (execute once per tenant)

To get started with the Microsoft MCP Server for Enterprise, follow these steps to provision the MCP Server in your tenant (requires Microsoft Entra admin privileges):

  1. Install Microsoft.Entra.Beta PowerShell module (version 1.0.13 or later):

    Install-Module Microsoft.Entra.Beta -Force -AllowClobber
    
  2. Connect to the tenant in which you'd like to register the MCP Server. Both scopes requested here are tenant-wide: Application.ReadWrite.All lets the session create and modify any app registration, and DelegatedPermissionGrant.ReadWrite.All lets it consent on behalf of all users, so run this from a dedicated admin account and close the session (Disconnect-Entra) when you are done:

    Connect-Entra -Scopes 'Application.ReadWrite.All', 'DelegatedPermissionGrant.ReadWrite.All'
    
  3. Register the MCP Server for Enterprise in your tenant and grant the full set of its MCP.* scopes to the Visual Studio Code client application (see Authorization and permissions below if you want to grant a narrower set):

    Grant-EntraBetaMCPServerPermission -ApplicationName VisualStudioCode
    

If you run into problems with any of the steps above, refer to the detailed installation instructions. To make sure the Microsoft Graph PowerShell SDK modules do not conflict with Microsoft.Entra.Beta, you can remove them first:

Install-Module Uninstall-Graph
Uninstall-Graph -All

Visual Studio Code Configuration

  1. Click Install Microsoft MCP Server for Enterprise to launch VS Code's MCP install page.
  2. Click the Install button in VS Code and log in with an account from the tenant provisioned above.
  3. Open Copilot Chat and ask a question about your tenant.

Azure Foundry Configuration

  1. Navigate to the Azure Foundry Portal.
  2. Go to Agents on the left and click the Create agent button on the top right.
  3. Assign a name and expand the Tools section.
  4. Click Add and then Add a new tool.
  5. Go to the Catalog and search for "Microsoft MCP Server for Enterprise".
  6. Select "Microsoft MCP Server for Enterprise" and click Create.
  7. Add the Client ID of your MCP Client (you might need to register a new MCP Client application in your tenant and assign the required MCP.* scopes).
  8. Click Connect.
  9. Update the Redirect URI of your MCP Client application to include the Azure Foundry redirect URI (shown in the portal after clicking Connect).
  10. Ask a question about your tenant data in the Azure Foundry chat interface.
  11. Click the Open Consent button and log in with your admin account from the tenant above.

Tools

This MCP Server is atypical: instead of exposing a separate tool per Microsoft Graph operation, it applies Retrieval-Augmented Generation (RAG) and few-shot prompting to generate complete Microsoft Graph queries.
It exposes only three tools to implement a reliable and grounded workflow:

  1. microsoft_graph_suggest_queries: Finds relevant Microsoft Graph API calls based on user intent.
  2. microsoft_graph_get: Executes read-only Microsoft Graph API calls. Because the server uses delegated permissions only, the effective access is bounded by both the signed-in user's own directory roles and the MCP.* scopes granted to the MCP client; the agent can never read more than that user could read directly.
  3. microsoft_graph_list_properties: Retrieves properties of specific Microsoft Graph entities to help the AI model

Current scope and capabilities

For public preview, the focus is read-only enterprise IT scenarios around Microsoft Entra identity and directory data (users, groups, applications, devices, and administrative activity).

In particular, the MCP Server can handle queries related to:

  1. Security posture: authentication methods/strengths, Conditional Access, Security Defaults.
  2. Privileged access: Who has which directory roles, how assigned (direct vs group), and PIM status.
  3. Application risk: Which Apps / Service Principals exist, who owns them, what permissions/SSO they use, and which are ownerless or external.
  4. Access governance: Who has access to what (users, groups, packages); review decisions, automate joiner/mover/leaver.
  5. Device readiness: Managed/compliant status, join state, OS/version distribution, and stale or inactive devices.
  6. Provenance and investigation: End‑to‑end telemetry (sign‑in, audit, provisioning, network), health alerts, and SLA/availability.
  7. Optimize spending & hygiene: License counts/usage, unused or stale apps/groups, domain configuration and contacts.

Supported Clients

The Microsoft MCP Server for Enterprise is designed to work with any MCP-compatible client supporting the latest standard.

⚠️ Notes:

  • Dynamic Client Registration (DCR) is not supported, but we are working to support OAuth Client ID Metadata Documents (CIMD) in a future release.
  • ChatGPT, Claude, and GitHub Copilot CLI are supported only with a custom client ID: you need to register your own MCP Client application in your tenant, assign the required MCP.* scopes, and configure the redirect URIs accordingly.

Authorization and permissions

The MCP Server for Enterprise uses the Microsoft Graph API to access data in your Microsoft Entra tenant with delegated permissions only, and exposes a reduced subset of the permissions Microsoft Graph itself offers.
Use the following cmdlet to list the permissions provided by the MCP Server for Enterprise:

(Get-EntraBetaServicePrincipal -Property "PublishedPermissionScopes" -Filter "AppId eq 'e8c77dc2-69b3-43f4-bc51-3213c9d915b4'").PublishedPermissionScopes | Where-Object { $_.IsEnabled -eq $true -and $_.AdditionalProperties["isPrivate"] -ne $true } | Select-Object Value, AdminConsentDisplayName | Sort-Object

If you'd like to use your own registered application, use the following cmdlets to manage the scopes granted to your MCP Client application:

Grant-EntraBetaMCPServerPermission -ApplicationId "<MCP_Client_Application_Id>" -Scopes "<Scope1>", "<Scope2>", "<...>"
Revoke-EntraBetaMCPServerPermission -ApplicationId "<MCP_Client_Application_Id>" -Scopes "<Scope1>", "<Scope2>", "<...>"

Learn more: Manage MCP Server for Enterprise permissions
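The provisioning steps earlier on this page grant the Visual Studio Code client every scope the server publishes; the two cmdlets above are how you narrow that for a client of your own. The following PowerShell is an added example written for this page, not part of the README or of the Microsoft.Entra.Beta module: it lists which MCP clients currently hold delegated grants on the MCP Server resource and with which scopes, then grants a custom client only the published scopes that match a pattern. It assumes an active Connect-Entra session with the scopes from the provisioning steps, that Get-EntraBetaOAuth2PermissionGrant and the -ServicePrincipalId parameter of Get-EntraBetaServicePrincipal exist in the module (the README only shows Get-EntraBetaServicePrincipal with -Filter), that published scope values follow an MCP.<Resource>.<Action> naming that mirrors Graph scopes, and that <MCP_Client_Application_Id> is replaced with your own client's App ID.

```powershell
# Added example; not part of the Microsoft MCP Server for Enterprise README.
# Requires Microsoft.Entra.Beta 1.0.13+ and a prior:
#   Connect-Entra -Scopes 'Application.ReadWrite.All', 'DelegatedPermissionGrant.ReadWrite.All'
# Assumed cmdlets/parameters (not shown in the README): Get-EntraBetaOAuth2PermissionGrant
# returning the Graph oauth2PermissionGrant shape (ClientId, ResourceId, ConsentType, Scope),
# and Get-EntraBetaServicePrincipal -ServicePrincipalId.

$McpServerAppId = 'e8c77dc2-69b3-43f4-bc51-3213c9d915b4'   # App ID published in the README

# Service principal of the MCP Server resource in this tenant (exists only after provisioning).
function Get-McpServerResource {
    $sp = Get-EntraBetaServicePrincipal -Filter "AppId eq '$McpServerAppId'"
    if (-not $sp) {
        throw 'MCP Server for Enterprise is not provisioned in this tenant; run Grant-EntraBetaMCPServerPermission first.'
    }
    $sp
}

# Scope values the server publishes here; same filter as the README's listing cmdlet.
function Get-McpPublishedScopes {
    (Get-EntraBetaServicePrincipal -Property 'PublishedPermissionScopes' -Filter "AppId eq '$McpServerAppId'").PublishedPermissionScopes |
        Where-Object { $_.IsEnabled -eq $true -and $_.AdditionalProperties['isPrivate'] -ne $true } |
        Select-Object -ExpandProperty Value |
        Sort-Object
}

# One row per (client, scope): which client apps may call the MCP server on users' behalf,
# with which scopes, and whether the consent is admin-wide (AllPrincipals) or per user (Principal).
function Get-McpClientGrants {
    $resource = Get-McpServerResource
    Get-EntraBetaOAuth2PermissionGrant -All |
        Where-Object { $_.ResourceId -eq $resource.Id } |
        ForEach-Object {
            $grant  = $_
            $client = Get-EntraBetaServicePrincipal -ServicePrincipalId $grant.ClientId
            foreach ($scope in ($grant.Scope -split ' ' | Where-Object { $_ })) {
                [pscustomobject]@{
                    Client      = $client.DisplayName
                    ClientAppId = $client.AppId   # match on AppId, never on DisplayName, which anyone can copy
                    ConsentType = $grant.ConsentType
                    Scope       = $scope
                }
            }
        }
}

# Least privilege for a custom MCP client (needed for ChatGPT, Claude and Copilot CLI):
# grant only the published scopes matching a pattern instead of the default full set.
function Grant-McpClientScopes {
    param(
        [Parameter(Mandatory)][string]$ClientAppId,
        [string]$ScopePattern = '^MCP\.(User|Group)\.Read'   # assumed naming; check Get-McpPublishedScopes
    )
    $wanted = Get-McpPublishedScopes | Where-Object { $_ -match $ScopePattern }
    if (-not $wanted) {
        throw "No published scope matches '$ScopePattern'; inspect Get-McpPublishedScopes and adjust the pattern."
    }
    Grant-EntraBetaMCPServerPermission -ApplicationId $ClientAppId -Scopes $wanted
    # Re-read the grants so the caller sees what was actually recorded, not what was requested.
    Get-McpClientGrants | Where-Object ClientAppId -eq $ClientAppId
}

# Review pass: which clients hold more of the MCP.* surface than you intended?
Get-McpClientGrants | Sort-Object Client, Scope | Format-Table -AutoSize

# Narrow grant for your own client; uncomment and substitute your App ID:
# Grant-McpClientScopes -ClientAppId '<MCP_Client_Application_Id>'
```

Run the review pass periodically, not just at provisioning time: a later Grant-EntraBetaMCPServerPermission by another admin widens the surface silently, and the grant table is the only place the change shows up.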

Advantages

  1. Remote MCP Server: Easy to configure, fully compliant, and highly reliable—deployed in the same regions as Microsoft Graph for optimal performance.
  2. IT Admins are in control: MCP clients need specific MCP.* scopes (mirroring Microsoft Graph Scopes) to be granted to access your tenant data.
  3. Simplified architecture: Works with just 3 tools instead of managing individual tools for every API operation.
  4. High-quality query generation: Generates accurate queries using over 500 real-world examples through RAG (Retrieval-Augmented Generation).
  5. Full auditability: Easily audit all MCP operations since they execute under the same App ID with a specific user agent.
  6. No extra license required: only your existing Microsoft Entra and Microsoft Graph API licenses apply.

Availability, Roadmap and feedback

The Microsoft MCP Server for Enterprise is available only in the public cloud (global service), with support for sovereign clouds planned for a future release.
We will continue expanding beyond the current Microsoft Entra scenarios, but M365 APIs will be covered by Agent 365.
Support for write operations is planned for a future release.
Please share suggestions or issues through our feedback form: Submit feedback.

Licensing and usage

  • The MCP Server for Enterprise doesn't require extra cost or separate license.
  • You need the right licenses for the data you access (for example, Microsoft Entra ID Governance or Microsoft Entra ID P2 license for Privileged Identity Management (PIM) data).
  • Any request to this MCP server is limited to 100 requests per minute per user. Requests to microsoft_graph_get are also subject to Microsoft Graph Throttling limits.

Logs

To monitor usage, enable Microsoft Graph activity logs in your tenant (a diagnostic setting that streams the logs to a Log Analytics workspace or another destination). Every Microsoft Graph call the MCP server makes on a user's behalf is recorded there.

Filter for MCP Server usage:

Use the Application (Client ID) of the Microsoft MCP Server for Enterprise: e8c77dc2-69b3-43f4-bc51-3213c9d915b4.

The following Kusto query retrieves these logs:

MicrosoftGraphActivityLogs
| where TimeGenerated >= ago(30d)
| where AppId == "e8c77dc2-69b3-43f4-bc51-3213c9d915b4"
| project RequestId, TimeGenerated, UserId, RequestMethod, RequestUri, ResponseStatusCode
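The Kusto query above returns the raw rows. What an analyst then wants is a per-user view of how much of the read-only surface an agent walked, and whether anything shows up that the preview server should never produce. The following PowerShell is an added example written for this page, not from the README: it triages a small constructed sample of MicrosoftGraphActivityLogs rows, in the shape of the projection above, and flags reads of privileged-access and policy endpoints, throttling (429), and any non-GET request. The sample rows, user IDs, UPNs and the endpoint patterns are the editor's assumptions; in practice, export the query results from Log Analytics as CSV and pass that text to Get-McpActivityTriage.

```powershell
# Added example; not part of the README. Runs offline on constructed sample rows that
# mimic the columns projected by the Kusto query (RequestId, TimeGenerated, UserId,
# RequestMethod, RequestUri, ResponseStatusCode). User IDs and UPNs are made up.
$SampleLog = @'
RequestId,TimeGenerated,UserId,RequestMethod,RequestUri,ResponseStatusCode
r1,2025-01-10T09:00:12Z,11111111-aaaa-4aaa-8aaa-111111111111,GET,https://graph.microsoft.com/v1.0/users?$top=50,200
r2,2025-01-10T09:00:40Z,11111111-aaaa-4aaa-8aaa-111111111111,GET,https://graph.microsoft.com/v1.0/groups/$count,200
r3,2025-01-10T09:02:05Z,22222222-bbbb-4bbb-8bbb-222222222222,GET,https://graph.microsoft.com/v1.0/directoryRoles,200
r4,2025-01-10T09:02:09Z,22222222-bbbb-4bbb-8bbb-222222222222,GET,https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments,200
r5,2025-01-10T09:02:14Z,22222222-bbbb-4bbb-8bbb-222222222222,GET,https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies,200
r6,2025-01-10T09:02:20Z,22222222-bbbb-4bbb-8bbb-222222222222,GET,https://graph.microsoft.com/beta/users/someone@contoso.com/authentication/methods,429
r7,2025-01-10T09:03:00Z,33333333-cccc-4ccc-8ccc-333333333333,PATCH,https://graph.microsoft.com/v1.0/users/someone@contoso.com,403
'@

# Read surfaces that amount to privileged-access and policy reconnaissance when an agent
# walks them. Patterns are the editor's choice, keyed on the URL path only.
$SensitiveSurfaces = [ordered]@{
    DirectoryRoles    = '^/(v1\.0|beta)/(directoryRoles|roleManagement/directory)'
    ConditionalAccess = '^/(v1\.0|beta)/identity/conditionalAccess'
    AuthMethods       = '/authentication/methods'
    AuditLogs         = '^/(v1\.0|beta)/auditLogs'
}

# Classify one request URI; 'General' for anything outside the sensitive list.
function Get-McpSurface {
    param([Parameter(Mandatory)][string]$RequestUri)
    $path = ([uri]$RequestUri).AbsolutePath
    foreach ($name in $SensitiveSurfaces.Keys) {
        if ($path -match $SensitiveSurfaces[$name]) { return $name }
    }
    'General'
}

# One summary row per user: volume, sensitive surfaces touched, throttling, and any
# non-GET method. The preview server is read-only, so a non-GET under its App ID means
# a token for this client was used outside the server's documented behaviour.
function Get-McpActivityTriage {
    param([Parameter(Mandatory)][string]$Csv)
    $rows = $Csv | ConvertFrom-Csv
    $rows | Group-Object UserId | ForEach-Object {
        $r = $_.Group
        $surfaces = $r |
            ForEach-Object { Get-McpSurface -RequestUri $_.RequestUri } |
            Where-Object { $_ -ne 'General' } |
            Sort-Object -Unique
        [pscustomobject]@{
            UserId            = $_.Name
            Requests          = $r.Count
            SensitiveRequests = @($r | Where-Object { (Get-McpSurface -RequestUri $_.RequestUri) -ne 'General' }).Count
            Surfaces          = ($surfaces -join ',')
            Throttled         = @($r | Where-Object ResponseStatusCode -eq '429').Count
            NonGetRequests    = @($r | Where-Object RequestMethod -ne 'GET').Count
        }
    }
}

# Rows worth a second look first: anything non-GET, then the heaviest sensitive readers.
Get-McpActivityTriage -Csv $SampleLog |
    Sort-Object -Property NonGetRequests, SensitiveRequests -Descending |
    Format-Table -AutoSize
```

On the sample, the second user is the one to look at: four requests across directory roles, role assignments, Conditional Access policies and a user's authentication methods inside fifteen seconds, with one of them throttled, is the shape of an agent enumerating privileged access rather than answering a single question. The PATCH with a 403 is the more important signal even though it was refused: the 403 confirms the delegated grant is read-only, but the attempt itself should not exist under this App ID.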

Support and reference

For documentation, troubleshooting, and feedback, refer to the official Microsoft Learn documentation and support channels.

Security and compliance

All operations respect Microsoft Graph permissions and security policies. Ensure compliance with your organizational, regulatory, and contractual requirements when integrating the MCP Server.

No warranty/limitation of liability

This software is provided "as is" without warranties or conditions of any kind, either express or implied. Microsoft isn't liable for any damages that resu


README truncated. View full README on GitHub.
