Microsoft 365
Mail, Calendar, Teams, SharePoint, OneDrive, and Word via Microsoft's Work IQ MCP servers
Microsoft 365 integration connects your agents to Mail, Calendar, Teams, SharePoint, OneDrive, and Word through Microsoft's Work IQ MCP servers. A single catalog resource covers all six surfaces, and each user's account is automatically scoped to their own Microsoft tenant.
- Navigate to Resources and click Add Resource
- Select Microsoft 365 from the catalog
- Choose a credential mode (see below)
- Click Add
The resource is added with all tools and scopes pre-configured. Each user connects their own Microsoft 365 account via OAuth when they first use a Microsoft 365 tool. Navigate to Connections to manage linked accounts.
Microsoft 365 supports two modes:
- Use SecureAuth's app — install instantly with SecureAuth's pre-registered multi-tenant Entra application. No setup on your side. Recommended for most installs.
- Bring your own app — use an Entra app registration owned by your tenant. Recommended for organizations that require admin-consented apps under their own tenant for compliance, conditional access, or auditing.
See Credential modes for the full comparison.
| Tool | Description |
|---|
SearchMessages | Natural-language mailbox search via Microsoft 365 Copilot |
SearchMessagesQueryParameters | Search the mailbox using OData query parameters passed to Microsoft Graph |
GetMessage | Get a message by ID |
| Tool | Description |
|---|
CreateDraftMessage | Create a draft email without sending it |
UpdateDraft | Update a draft's recipients, subject, body, sensitivity, and attachments |
AddDraftAttachments | Add attachments (URIs) to an existing draft |
SendDraftMessage | Send an existing draft message by ID |
SendEmailWithAttachments | Create and send an email with optional attachments (URIs or base64-encoded files) |
| Tool | Description |
|---|
ReplyToMessage | Reply to a message — drafts by default, or sends immediately when sendImmediately=true |
ReplyAllToMessage | Reply all to a message — drafts by default, or sends immediately |
ReplyWithFullThread | Reply preserving the full quoted thread, optionally re-attaching original files |
ReplyAllWithFullThread | Reply all preserving the full quoted thread, optionally re-attaching original files |
ForwardMessage | Forward a message, optionally adding comment, recipients, and new attachments |
ForwardMessageWithFullThread | Forward preserving the full quoted thread, optionally re-attaching original files |
| Tool | Description |
|---|
UpdateMessage | Update a message's mutable properties (subject, body, categories, importance, sensitivity) |
FlagEmail | Update the flag status on a message |
DeleteMessage | Delete a message |
| Tool | Description |
|---|
GetAttachments | Get attachment metadata (ID, name, size, type) for a message |
DownloadAttachment | Download attachment content as a base64-encoded string |
UploadAttachment | Upload a small file attachment (<3 MB, base64-encoded) to a message |
UploadLargeAttachment | Upload a large file attachment (3–150 MB, base64-encoded) via chunked upload |
DeleteAttachment | Delete an attachment from a message |
| Tool | Description |
|---|
ListEvents | List a user's calendar events (master series only for recurring meetings) |
ListCalendarView | List events from a calendar view with recurring events expanded into individual instances |
CreateEvent | Create a calendar event (Teams meeting included by default; supports recurrence and all-day) |
UpdateEvent | Update a calendar event (preserves the Teams meeting section when editing online meetings) |
DeleteEventById | Delete a calendar event by ID without sending cancellation notices |
CancelEvent | Cancel an event as the organizer, sending cancellation to attendees |
| Tool | Description |
|---|
AcceptEvent | Accept a calendar event invitation |
DeclineEvent | Decline a calendar event invitation |
TentativelyAcceptEvent | Tentatively accept a calendar event invitation |
ForwardEvent | Forward a calendar event to other recipients |
| Tool | Description |
|---|
FindMeetingTimes | Suggest meeting times that work for all attendees based on availability |
GetRooms | List the meeting rooms defined in the user's tenant |
| Tool | Description |
|---|
GetUserDateAndTimeZoneSettings | Get a user's date/timezone, working hours, and language settings |
openid, profile — sign-in identityoffline_access — maintain access when the user is offlineUser.Read — read the signed-in user's profileMail.ReadWrite — read, create, update, and delete mailMail.Send — send mail as the signed-in userCalendars.ReadWrite — read and write calendar eventsChat.ReadWrite — read and write Teams chat messagesChannelMessage.Read.All — read Teams channel messagesChannelMessage.Send — send Teams channel messagesFiles.ReadWrite.All — read and write OneDrive and SharePoint filesSites.ReadWrite.All — read and write SharePoint site content
- Allow read-only access: tool patterns
Search*, Get*, List*, Download*, Find*
- Block sending and replies: deny rules for
Send*, Reply*, Forward* above any allow rules
- Block destructive operations: deny rules for
Delete*, Cancel*, Update*
- Allow mail triage but block calendar changes: allow
*Message*, Get*, Search*, then deny *Event* (still permits read via ListEvents if you allow it explicitly above the deny)
- Allow full access for a specific agent: scope an allow rule for
* to that agent on this MCP server