Connects Claude with Microsoft 365 services such as Email, Calendar, Teams, OneDrive, and more through the Microsoft Graph API.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
express vulnerable to XSS via response.redirect()
process.env. You'll be asked to provide them before it can run.COMMUNICATION_AGENT_AUDIT_TOKENCOMMUNICATION_AGENT_AUDIT_URLCOMMUNICATION_AGENT_POLICY_JSONCOMMUNICATION_AGENT_WORK_ITEM_IDDEFAULT_TIMEZONEHTTP_HOSTHTTP_PORT— TRANSPORT_TYPE=http =3333 node index.jsOFFICE_AUDIT_LOG_PATHOFFICE_CLIENT_ID— 9. From the Overview section of the app settings page, copy the "Application (client) ID" and enter it as the in the .env file as well as in the claude-config-sample.json fileOFFICE_CLIENT_SECRET— 7. Copy the secret value and enter it as the in the .env file as well as in the claude-config-sample.json fileOFFICE_TENANT_IDONEDRIVE_SYNC_PATH— /path/to/your/onedrive/syncPORTSERVICE_MODESHAREPOINT_SYMLINK_PATH— /path/to/sharepoint/symlinkSHAREPOINT_SYNC_PATH— /path/to/your/sharepoint/syncTRANSPORT_TYPE— stdio # or 'http' for SSE headless modeUSE_TEST_MODE— true node index.js[](https://m8ven.ai/mcp/hvkshetry-office-365-mcp-server-rap196)