Microsoft Entra setup
Microsoft Graph access is optional. Add it when users need Entra users, groups, application registrations, service principals, credential-expiry, MFA, audit-log, role, or Conditional Access context.
Follow the canonical permission list and local-server notes in the EntraID MCP Server guide. Microsoft permission names and consent requirements can change; verify them in Microsoft documentation before approval.
Prerequisites
- An application administrator who can configure Graph application permissions.
- A tenant administrator who can grant admin consent.
- An Azure Support Agent connection using the intended managed identity or service principal.
settings.writeto enable default assistant tools, or permission to edit the relevant sub-agent.
Configure Graph access
- Identify the application identity used by the default Azure connection.
- In Microsoft Entra, add only the Application permissions required by planned features.
- For read-oriented identity posture, start with the documented read permissions such as directory, user, group, policy, role-management, authentication-method, and audit-log reads.
- Grant tenant admin consent.
- Return to Azure Support Agent and open Settings → EntraID MCP Tools.
- Enable the required tools for the default assistant. For a sub-agent, enable Entra tools in that agent’s editor instead.
- Test with a non-sensitive read request and verify the tenant and connection used.
Write permissions
The existing guide also lists Graph write permissions for group management, password-profile updates, and application management. They are not required for most queries. Add them only when an approved workflow needs those operations.
Application-side approval gates do not replace Microsoft Graph least privilege. Both layers must be configured correctly.
Interpret results
- A successful tool listing confirms that the MCP process loaded; it does not prove every Graph permission is consented.
- A successful read in one area does not imply access to audit logs, authentication methods, or policies.
- Empty results can be legitimate. Compare the requested tenant, time range, and Graph permission before concluding that data is absent.
- Directory results may contain sensitive personal and security information. Handle exports and chat transcripts accordingly.
Safety
- Never publish tenant IDs, client IDs, secrets, certificates, tokens, user data, or Graph responses.
- Prefer read-only permissions. Separate a write-capable identity if operational segregation is required.
- Review admin consent periodically and remove unused permissions.
- Keep password reset, app-registration mutation, and group mutation behind explicit application permissions and approvals.
Troubleshooting
| Symptom | What to check |
|---|---|
| Entra tools do not appear | Feature toggle, sub-agent tool selection, MCP process configuration, and application role |
| Graph returns 403 | Exact Application permission, admin consent, and whether the active connection uses the configured identity |
| Authentication-method or audit data is missing | Specialized permissions in the canonical guide; broad directory read may not cover those APIs |
| Data comes from the wrong tenant | Default Azure connection and its tenant/service-principal configuration |
| Local Windows server fails to start | Dedicated Entra MCP virtual environment and configured command/arguments in the canonical guide |