EntraID (Microsoft Graph) MCP Server

In addition to the Azure MCP server, the app integrates the EntraID MCP Server. It exposes Microsoft Graph tools for Entra ID (Azure AD): users, groups, app registrations & service principals, secret/certificate expiry, MFA status, sign-in & audit logs, and conditional-access policies. It is spawned over stdio just like the Azure MCP server and its tools flow into the same provider tool-calling loop (works with every LLM provider, including the Copilot/Codex guided-tool-calling adapters).

  • Enable for the default assistant: Settings → EntraID MCP Tools → toggle on.
  • Per sub agent: check “Also allow all EntraID (Microsoft Graph) tools (MCP)” in the agent editor (next to the Azure tools checkbox).
  • Identity: it authenticates to Graph using the default Azure connection’s service-principal credentials (tenant id / client id / client secret, or certificate).
  • Tools listing (admin): http://localhost:8000/api/admin/entra/tools

Required Microsoft Graph permissions

Grant these Application permissions to the app registration used by the connection, then grant admin consent:

API / Permission Type Description
AuditLog.Read.All Application Read all audit log data
AuthenticationContext.Read.All Application Read all authentication context information
DeviceManagementManagedDevices.Read.All Application Read Microsoft Intune devices
Directory.Read.All Application Read directory data
Group.Read.All Application Read all groups
GroupMember.Read.All Application Read all group memberships
Group.ReadWrite.All Application Create, update, delete groups; manage group members and owners
Policy.Read.All Application Read your organization’s policies
RoleManagement.Read.Directory Application Read all directory RBAC settings
User.Read.All Application Read all users’ full profiles
User-PasswordProfile.ReadWrite.All Application Least privileged permission to update the passwordProfile property
UserAuthenticationMethod.Read.All Application Read all users’ authentication methods
Application.ReadWrite.All Application Create, update, and delete applications (app registrations) and service principals

Read-only permissions are sufficient for most queries; the *.ReadWrite.All permissions enable group, password, and application management. Write tools (create/update/delete/ reset) are gated behind the app’s approval policy.

Local setup notes

The Graph SDK has very deep file paths, so its dependencies live in a dedicated venv to avoid the Windows 260-char path limit (Windows long-path support is also enabled). The backend spawns the server using ENTRA_MCP_COMMAND (that venv’s python) and ENTRA_MCP_ARGS (the stdio launcher third_party/entraid-mcp-server/run_server.py). Override these via environment variables if your paths differ.

Auth (local dev)

DEV_AUTH=true injects a fake admin identity so you can use the chat and admin dashboard without standing up an external IdP. Set DEV_AUTH_ROLE=user to test the non-admin view. Real OIDC / SAML SSO is configured under Settings → Access Control.


Back to top

Azure Support Agent is open source under the MIT License.

This site uses Just the Docs, a documentation theme for Jekyll.