A focused toolkit for Microsoft 365 administrators who need application-level access to Graph API without user interaction. Ships 622 read-only tools covering security monitoring, audit logs, identity management, Intune device policies, eDiscovery cases, Defender for Identity sensors, and Copilot usage analytics. Built for incident response and compliance workflows where you need client credentials, not delegated permissions. Write operations exist behind an explicit flag with risk classifications. Comes with playbooks for breach investigation, presets to scope tool availability by domain, and support for both Azure global and China clouds. If you're running security operations or quarterly access reviews at scale, this is the server to wire up.
claude mcp add --transport stdio io.github.okapi-ca-ms-365-admin uvx ms-365-admin