If you’ve been wondering how to make AI genuinely useful inside your Microsoft 365 environment beyond the usual chat prompts—Microsoft has dropped something worth your attention.

Introducing the MCP Server for Enterprise (Preview): a new connector that lets AI agents read your Entra ID data just by understanding natural language.

Imagine telling your AI assistant:

“How many inactive users do we have?”
“Which admins don’t have MFA enabled?”
… and getting the answer immediately, without writing a Graph query or digging through logs.

MCP Server is designed exactly for this! It acts as the translator between your AI model and Microsoft Graph, letting your AI agent figure out the right API calls automatically.

In this blog, we’ll cover what the MCP Server is, how it works, what it means for M365 admins, and how you can begin to think about using it in your environment.

What Is Microsoft MCP Server for Enterprise

Microsoft MCP Server for Enterprise is a programmatic interface that allows AI tools to query your Microsoft Entra tenant using natural language. It is built on the Model Context Protocol (MCP), an open standard that simplifies how AI models interact with external tools and services.

MCP Server for Enterprise translates your natural language request into a Microsoft Graph API call. It processes your query, selects the best API, runs the request, and sends the structured response back to the AI model, which turns it into a human readable answer.

Note: The Microsoft MCP Server for Enterprise is currently in preview. Features may change before general availability.

How Microsoft MCP Server for Enterprise Works Behind the Scenes

When an MCP-enabled AI agent starts, it automatically finds the MCP Server at mcp.svc.cloud.microsoft/enterprise and loads all the tools it can use.

Here is a simplified breakdown when someone asks a question like How many users do we have in our tenant?” to the MCP server.

Detailed breakdown for the query “How many users do we have in our Microsoft Entra tenant?”

Set up the MCP server Discovery and Setup Register the MCP Server in the tenant and connect with an MCP client (for example, VS Code). This makes the MCP Server available to your AI model.
Understanding your question NLP Processing The AI model processes your natural-language question and determines that the intent is: count users. It then identifies that this can be handled by the MCP Server tools.
Finding the right Graph query Semantic search The search_for_graph_examples tool converts the question into an embedding and searches through a semantic index of Graph API examples. It finds matches that relate to counting users or listing users and returns them to the AI model.
Choosing the best match Query selection From the matching examples, the AI picks the most suitable Graph API call. For this question, it chooses: GET /users/$count.
Running the request Execution The microsoft_graph_get tool runs the selected Graph API call. It uses the signed-in user’s permissions and follows all security, access, and throttling rules.
Convert data to readable result Response Generation After the API call is executed, Microsoft Graph sends back the response payload. The MCP server forwards it to the AI model, which interprets the JSON output and turns it into a simple, human readable answer for the user.

Final Output: There are 7538 users in the directory.

Tools Available in the Microsoft MCP Server

The MCP Server provides multiple tools that AI agents can invoke. Each tool plays a specific role in helping the AI understand and execute Graph API operations.

Tools How the AI uses it


search_for_graph_examples 		Uses “retrieval-augmented generation” (RAG) to map your natural-language intent to a set of possible Graph API calls.


microsoft_graph_get 		Executes read-only Graph API calls, respecting all the required permissions, scope, throttling, etc.


get_graph_entity_properties 		Retrieves the properties of a specific Graph entity to help the AI model understand what data structure it is dealing with.

For an M365 admin, you don’t necessarily need to use these tools directly—but knowing they exist gives you confidence about what’s going on under the covers.

Real World Use Cases for Microsoft 365 Admins

Why should admins care about this? Because it transforms how you interact with your directory and identity data. Here are some practical scenarios:

IT Helpdesk and Support

Support teams can ask questions like:

These queries require multiple API calls, but MCP Server handles them seamlessly.

Users and Identity Management

Admins can quickly generate insights such as:

All without touching PowerShell or Graph Explorer.

Faster API Discovery for Developers

Developers can use natural language to experiment with Graph APIs. The AI agent can show the exact API calls it executed, which helps developers understand the underlying structure.

No-Code/Low-Code Automation

You can integrate the MCP Server into Power Automate, Logic Apps, or custom scripts to create solutions that rely on natural language prompts instead of hard coded queries.

Current Capabilities and Limitations in the Preview

Since this is a preview release, the current scope is focused on read-only Microsoft Entra directory operations. Supported areas include:

  • User directory data
  • Group information
  • Application details
  • Device information
  • Administrative and identity data

Things to note:

⚠️ No write operations yet
⚠️ Available only in public cloud
⚠️ Still governed by Graph permissions and throttling

Licensing Requirements and Costs

There is no separate cost for using Microsoft MCP Server for Enterprise.

However, you still need the appropriate licenses for the data you are trying to access. For example, Privileged Identity Management (PIM) data requires Entra ID Governance or Entra ID P2 licensing.

How to Configure Microsoft MCP Server for Enterprise

Follow these simple steps to get started with MCP Server in your tenant:

1. Install PowerShell module: Open PowerShell as admin and run:

2. Sign in with an admin account: Use an account with Application or Cloud Application Administrator roles with the necessary permissions:

3. Register MCP Server: Grant permissions to Visual Studio Code:

4. Connect VS Code or custom client: Open VS Code, install the MCP Server extension, sign in, and start asking questions like “How many users are in my tenant?”

Once connected, the MCP Server will process your question, run the necessary Graph API calls behind the scenes, and return the answer in plain language.

How to Track MCP Server Activity with Microsoft Graph Logs

Every API call made through MCP Server is recorded in Microsoft Graph activity logs. To filter logs specifically for MCP Server operations, use the application ID: e8c77dc2-69b3-43f4-bc51-3213c9d915b4

A sample Kusto query to find MCP logs:

This helps IT teams review activity, monitor usage, and troubleshoot issues.

Final Thoughts

MCP Server for Enterprise is one of the most admin-friendly AI releases to date! It brings AI and Microsoft Graph closer than ever, letting AI models understand your intent, choose the right API, and give you the result in a clean plain language format.

For admins, this means:

  • Faster reporting
  • Easier troubleshooting
  • Less time writing Graph queries
  • Smarter automation opportunities

If you’re working toward AI-driven IT operations, this Microsoft MCP Server Preview is absolutely worth testing in your environment. If you have any queries, feel free to share them in the comments. We’re happy to help!