Lokka
What is Lokka
Lokka is a Model Context Protocol (MCP) server designed for Microsoft 365, enabling users to query and manage their Microsoft tenant using the Microsoft Graph API with AI assistance.
Use cases
Use cases for Lokka include creating security groups, managing conditional access policies, and retrieving device configuration policies assigned to specific groups within Microsoft 365.
How to use
To use Lokka, you can integrate it with your preferred AI model and chat client, such as Claude Desktop. Users can issue natural language commands to perform tasks in their Microsoft 365 tenant via the Microsoft Graph API.
Key features
Key features of Lokka include support for Microsoft Graph API, natural language processing for user commands, and the ability to manage various Microsoft 365 services like security groups and device configurations.
Where to use
Lokka can be used in any environment that utilizes Microsoft 365 services, particularly in organizations that require efficient management of their Microsoft tenant through AI-driven interactions.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Lokka
Lokka is a Model Context Protocol (MCP) server designed for Microsoft 365, enabling users to query and manage their Microsoft tenant using the Microsoft Graph API with AI assistance.
Use cases
Use cases for Lokka include creating security groups, managing conditional access policies, and retrieving device configuration policies assigned to specific groups within Microsoft 365.
How to use
To use Lokka, you can integrate it with your preferred AI model and chat client, such as Claude Desktop. Users can issue natural language commands to perform tasks in their Microsoft 365 tenant via the Microsoft Graph API.
Key features
Key features of Lokka include support for Microsoft Graph API, natural language processing for user commands, and the ability to manage various Microsoft 365 services like security groups and device configurations.
Where to use
Lokka can be used in any environment that utilizes Microsoft 365 services, particularly in organizations that require efficient management of their Microsoft tenant through AI-driven interactions.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
Lokka
Lokka is a model-context-protocol server for the Microsoft Graph and Azure RM APIs that allows you to query and managing your Azure and Microsoft 365 tenants with AI.
Please see Lokka.dev for how to use Lokka with your favorite AI model and chat client.
Lokka lets you use Claude Desktop, or any MCP Client, to use natural language to accomplish things in your Azure and Microsoft 365 tenant through the Microsoft APIs.
e.g.:
Create a new security group called 'Sales and HR' with a dynamic rule based on the department attribute.Find all the conditional access policies that haven't excluded the emergency access accountShow me all the Intune device configuration policies assigned to the 'Call center' groupWhat was the most expensive service in Azure last month?
Authentication Methods (Enhanced in v0.2.0)
Lokka now supports multiple authentication methods to accommodate different deployment scenarios:
1. Client Credentials (Service-to-Service)
Traditional app-only authentication using client credentials:
{
"mcpServers": {
"Lokka-Microsoft": {
"command": "npx",
"args": [
"-y",
"@merill/lokka"
],
"env": {
"TENANT_ID": "<tenant-id>",
"CLIENT_ID": "<client-id>",
"CLIENT_SECRET": "<client-secret>"
}
}
}
}2. Interactive Authentication (New)
User-based authentication with interactive login:
{
"mcpServers": {
"Lokka-Microsoft": {
"command": "npx",
"args": [
"-y",
"@merill/lokka"
],
"env": {
"TENANT_ID": "<tenant-id>",
"CLIENT_ID": "<client-id>",
"USE_INTERACTIVE": "true",
"REDIRECT_URI": "http://localhost:3000"
}
}
}
}3. Client-Provided Token (New)
Token-based authentication where the MCP Client provides access tokens:
{
"mcpServers": {
"Lokka-Microsoft": {
"command": "npx",
"args": [
"-y",
"@merill/lokka"
],
"env": {
"USE_CLIENT_TOKEN": "true"
}
}
}
}When using client-provided token mode:
- Start the MCP server with
USE_CLIENT_TOKEN=true - Use the
set-access-tokentool to provide a valid Microsoft Graph access token - Use the
get-auth-statustool to verify authentication status - Refresh tokens as needed using
set-access-token
New Tools (v0.2.0)
Token Management Tools
set-access-token: Set or update access tokens for Microsoft Graph authenticationget-auth-status: Check current authentication status and capabilities
Enhanced Microsoft Graph Tool
Lokka-Microsoft: Now supports all three authentication modes with improved error handling and token management
Getting started
See the docs for more information on how to install and configure Lokka.
Components
Tools
-
Lokka-Microsoft- Call Microsoft Graph & Azure APIs. Supports querying Azure and Microsoft 365 tenants. Updates are also supported if permissions are provided.
- Input:
apiType(string): Type of Microsoft API to query. Options: ‘graph’ for Microsoft Graph (Entra) or ‘azure’ for Azure Resource Management.path(string): The Azure or Graph API URL path to call (e.g. ‘/users’, ‘/groups’, ‘/subscriptions’).method(string): HTTP method to use (e.g., get, post, put, patch, delete)apiVersion(string): Azure Resource Management API version (required for apiType Azure)subscriptionId(string): Azure Subscription ID (for Azure Resource Management).queryParams(string): Array of query parameters like $filter, $select, etc. All parameters are strings.body(JSON): The request body (for POST, PUT, PATCH)
- Returns: Results from the Azure or Graph API call.
-
set-access-token(New in v0.2.0)- Set or update an access token for Microsoft Graph authentication when using client-provided token mode.
- Input:
accessToken(string): The access token obtained from Microsoft Graph authenticationexpiresOn(string, optional): Token expiration time in ISO format
- Returns: Confirmation of token update
-
get-auth-status(New in v0.2.0)- Check the current authentication status and mode of the MCP Server
- Returns: Authentication mode, readiness status, and capabilities
Environment Variables
The configuration of the server is done using environment variables. The following environment variables are supported:
| Name | Description | Required |
|---|---|---|
TENANT_ID |
The ID of the Microsoft Entra tenant. | Yes (except for client-provided token mode) |
CLIENT_ID |
The ID of the application registered in Microsoft Entra. | Yes (except for client-provided token mode) |
CLIENT_SECRET |
The client secret of the application registered in Microsoft Entra. | Yes (for client credentials mode only) |
USE_INTERACTIVE |
Set to “true” to enable interactive authentication mode. | No |
USE_CLIENT_TOKEN |
Set to “true” to enable client-provided token authentication mode. | No |
REDIRECT_URI |
Redirect URI for interactive authentication (default: http://localhost:3000). | No |
ACCESS_TOKEN |
Initial access token for client-provided token mode. | No |
Contributors
- Interactive and Token-based Authentication (v0.2.0) - @darrenjrobinson
Installation
To use this server with the Claude Desktop app, add the following configuration to the “mcpServers” section of your
claude_desktop_config.json:
{
"mcpServers": {
"Lokka-Microsoft": {
"command": "npx",
"args": [
"-y",
"@merill/lokka"
],
"env": {
"TENANT_ID": "<tenant-id>",
"CLIENT_ID": "<client-id>",
"CLIENT_SECRET": "<client-secret>"
}
}
}
}Make sure to replace <tenant-id>, <client-id>, and <client-secret> with the actual values from your Microsoft Entra application. (See Install Guide for more details on how to create an Entra app and configure the agent.)
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
