softeria/ms-365-mcp-server

A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API

→ softeria/ms-365-mcp-server· npm: @softeria/ms-365-mcp-server· listed on npm

Install from

npm mcp.so npm

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Tests do not pass

Either the test suite is broken or the code regressed. Either way the published behaviour can’t be verified by the publisher’s own tests.

✅

118 tools verified — handlers match their declared behaviour

4 read-only tools verified — handlers contain no write/delete/exec

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 2 credentials: MS365_MCP_CLIENT_SECRET, MS365_MCP_OAUTH_TOKEN

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configENABLED_TOOLS— Filter tools using a regex pattern (alternative to --enabled-tools flag)

configLOG_LEVEL— Set logging level (default: 'info')

configMS365_MCP_BASE_URL

configMS365_MCP_BODY_FORMAT— html: Return email bodies as HTML instead of plain text (default: text)

configMS365_MCP_CLIENT_ID— your-azure-ad-app-client-id-here

🔐 secretMS365_MCP_CLIENT_SECRET— your-secret-here # Optional for public apps

configMS365_MCP_CLOUD_TYPE— globalchina: Microsoft cloud environment (alternative to --cloud flag)

configMS365_MCP_CORS_ORIGIN

configMS365_MCP_FORCE_WORK_SCOPES— true1: Backwards compatibility for MS365_MCP_ORG_MODE

configMS365_MCP_KEYVAULT_URL— Azure Key Vault URL for secrets management (see Azure Key Vault section)

configMS365_MCP_LOG_DIR

configMS365_MCP_MAX_TOP— n>: Hard cap for Graph $top / top on list requests (positive integer). When the model passes a larger value, the server clamps it to n so responses stay smaller. Example: MS365_MCP_MAX_TOP=15

🔐 secretMS365_MCP_OAUTH_TOKEN— your_oauth_token npx @softeria/ms-365-mcp-server

configMS365_MCP_ORG_MODE— true1: Enable organization/work mode (alternative to --org-mode flag)

configMS365_MCP_OUTPUT_FORMAT— toon npx @softeria/ms-365-mcp-server

configMS365_MCP_PUBLIC_URL

configMS365_MCP_SELECTED_ACCOUNT_PATH— Custom file path for selected account metadata (see Token Storage below)

configMS365_MCP_TENANT_ID— Custom tenant ID (defaults to 'common' for multi-tenant)

configMS365_MCP_TOKEN_CACHE_PATH— Custom file path for MSAL token cache (see Token Storage below)

configREAD_ONLY— true1: Alternative to --read-only flag

configSILENT— true1: Disable console output

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/softeria-ms-365-mcp-server-1lbx0w)](https://m8ven.ai/mcp/softeria-ms-365-mcp-server-1lbx0w)

commit: 751dae1f311604416ada83506c27f2f92e4e4001

code hash: fd8a65799caa6772b8c3ac233b0313ef60ebbd8ae5789c29e42f7dae8ed61e38

verified: 4/18/2026, 3:58:41 PM

view raw JSON →