Microsoft Graph + AI in 60 seconds
Unofficial. Community-built Claude Code Skill and MCP server for the Microsoft Graph API. Not affiliated with, endorsed by, or sponsored by Microsoft Corporation.
Awaiting live verification - passes every mechanical gate (build, command-surface, claims, install). Be the first to confirm it against your tenant: report it works.
Microsoft retires the Graph CLI (mgc) on August 28, 2026 and points admins at the heavier PowerShell SDK. This is the lightweight successor: one cross-platform binary, no .NET or PowerShell runtime. Ask your AI “which M365 licenses are we wasting,” “who holds privileged admin right now,” or “what’s new in Defender since yesterday,” and get cross-tenant answers computed offline from a local SQLite mirror - one query instead of CSV exports and portal tab-hopping.
New to the term? An MCP server is the same thing ChatGPT calls an app or connector, Claude on the web calls a connector, and Claude Code calls a Skill.
Instead of clicking through Microsoft Graph, just ask
Instead of exporting subscribedSku CSVs from the M365 admin center and reconciling assigned-versus-used seats in a spreadsheet to find license spend you can reclaim at renewal
just ask: “Which M365 licenses are we paying for but not using?”
Your agent runs: microsoft-graph-cli licenses waste --agent
Instead of clicking through Entra > Roles and administrators, opening each privileged role, and reading its members one role at a time to see who can administer the tenant
just ask: “Who holds global admin or other privileged roles right now?”
Your agent runs: microsoft-graph-cli admins audit --agent
Instead of paging through the Defender portal every morning to work out which alerts are new and still open since yesterday
just ask: “What security alerts are new and still open since yesterday?”
Your agent runs: microsoft-graph-cli security triage --since 24h --agent
See it in 30 seconds
Demo data is simulated. Every command shown exists in the real CLI.
What it does
| Question your MSP keeps asking | Command your agent runs |
|---|---|
| Which SKUs are we paying for but not fully using, ranked by wasted seats? | microsoft-graph-cli licenses waste --agent |
| Which disabled or guest accounts still hold a paid license? | microsoft-graph-cli licenses orphans --json |
| Who exactly is consuming one specific SKU before I reclaim seats? | microsoft-graph-cli licenses map "ENTERPRISEPACK" --agent |
| Who holds a privileged directory role right now, and which holders are guest or disabled? | microsoft-graph-cli admins audit --agent |
| What open security alerts are new since yesterday, by severity and source? | microsoft-graph-cli security triage --since 24h --agent |
| Which Intune devices are non-compliant, unencrypted, or stale this month? | microsoft-graph-cli managed-devices drift --days 30 --agent |
| Which groups are ownerless, empty, or guest-heavy across the tenant? | microsoft-graph-cli groups risk --agent |
| Where does this tenant stand overall - users, license waste, admins, alerts, device drift? | microsoft-graph-cli tenant snapshot --agent |
Full command reference at github.com/servosity/msp-skills/blob/main/skills/microsoft-graph/guide.md.
What makes this one different
Most Microsoft Graph integrations and MCP servers proxy each question into a live Graph call - fine for one record, but a tenant-wide question becomes a paginate-and-join dance the AI burns context on, and Graph throttles the bulk reads those questions need. This skill pulls the MSP-relevant surface into a local SQLite mirror, so the cross-entity answers - license waste, orphaned SKUs, privileged-access audit, device drift, tenant snapshot - become one local join: instant, offline, and the AI sees the answer, not pages of raw Graph JSON.
It is the lightweight replacement for the retiring mgc rather than a competitor to the platform: the M365 admin center, Entra, Defender, and Intune portals stay best for in-console workflows and writes, while this skill brings the read-and-report core to whichever AI agent you already use - as one cross-platform binary with no .NET or PowerShell runtime - and answers the cross-entity questions no single portal screen composes.
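The local-mirror approach described above, as an added example that is not the project's code or schema: it follows `@odata.nextLink` across pages, caches the rows in SQLite, and answers the privileged-role audit question with one join. The table names, the relative page URLs, the inline `members` list and all sample data are constructed for illustration; no network is used.

```python
import sqlite3

# Constructed pages standing in for Graph responses (real nextLinks are absolute URLs).
PAGES = {
    "/users": {"value": [
        {"id": "u1", "userPrincipalName": "alice@contoso.example", "userType": "Member", "accountEnabled": True},
        {"id": "u2", "userPrincipalName": "bob@contoso.example", "userType": "Member", "accountEnabled": False}],
        "@odata.nextLink": "/users?page=2"},
    "/users?page=2": {"value": [
        {"id": "u3", "userPrincipalName": "carol@partner.example", "userType": "Guest", "accountEnabled": True}]},
    "/directoryRoles": {"value": [
        {"id": "r1", "displayName": "Global Administrator", "members": ["u1", "u2"]},
        {"id": "r2", "displayName": "Security Administrator", "members": ["u3"]}]},
}

def fetch_all(url, get=PAGES.__getitem__):
    """Follow @odata.nextLink until the collection is exhausted."""
    rows = []
    while url:
        page = get(url)
        rows.extend(page["value"])
        url = page.get("@odata.nextLink")
    return rows

def build_mirror():
    """Load every page into a hypothetical two-table local mirror."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id TEXT PRIMARY KEY, upn TEXT, user_type TEXT, enabled INTEGER);
        CREATE TABLE role_members(role TEXT, user_id TEXT);
    """)
    db.executemany("INSERT INTO users VALUES (?,?,?,?)",
                   [(u["id"], u["userPrincipalName"], u["userType"], int(u["accountEnabled"]))
                    for u in fetch_all("/users")])
    db.executemany("INSERT INTO role_members VALUES (?,?)",
                   [(r["displayName"], m) for r in fetch_all("/directoryRoles") for m in r["members"]])
    return db

def risky_admins(db):
    """Privileged role holders that are guest or disabled accounts."""
    return db.execute("""
        SELECT rm.role, u.upn,
               CASE WHEN u.enabled = 0 THEN 'disabled' ELSE 'guest' END AS reason
        FROM role_members rm JOIN users u ON u.id = rm.user_id
        WHERE u.enabled = 0 OR u.user_type = 'Guest'
        ORDER BY rm.role, u.upn
    """).fetchall()

if __name__ == "__main__":
    for row in risky_admins(build_mirror()):
        print(row)
```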
The pain this closes
- Microsoft is retiring the Microsoft Graph CLI (mgc) on August 28, 2026 - deprecated since September 2025, no new features, security fixes only - and steering everyone to the PowerShell SDK (Microsoft 365 Developer Blog, “Microsoft Graph CLI retirement”). MSPs who scripted tenant reporting on a lightweight cross-platform binary now face a heavier .NET/PowerShell dependency on every machine that runs it.
- The questions an MSP actually asks about a tenant - how much license spend is recoverable, who holds admin, which devices are drifting out of compliance - span multiple Graph entities, and no single Graph endpoint returns them. The admin center and Defender/Intune portals answer one object at a time, so each question becomes a CSV export plus a spreadsheet join or a click-path across modules.
- Microsoft Graph throttles bulk reads and paginates everything behind @odata.nextLink, so any script that wants a tenant-wide view - all users with their licenses, every privileged role with its members - has to fetch, page, cache, and join locally rather than ask the API for the answer directly.
Install
Works in any of these agents - pick yours:
| Agent | Quick install |
|---|---|
| Claude Desktop | Step-by-step → |
| ChatGPT (Plus/Pro+) | Step-by-step → |
| Claude Code | Step-by-step → |
| Codex CLI | Step-by-step → |
| Cursor, Windsurf, Cline, Continue, Zed, Copilot, Gemini, Hermes, OpenClaw | Which agent? → |
Quickest path for everyone else (terminal):
macOS / Linux:
bash <(curl -fsSL https://raw.githubusercontent.com/servosity/msp-skills/main/skills/microsoft-graph/install.sh)
Windows (PowerShell):
iwr -useb https://raw.githubusercontent.com/servosity/msp-skills/main/skills/microsoft-graph/install.ps1 | iex
After install, authenticate once with your Microsoft Graph credentials, then verify with microsoft-graph-cli --version.
Safety model
| Tier | Examples | Recommended agent policy |
|---|---|---|
| Read | microsoft-graph-cli licenses waste --agent; microsoft-graph-cli admins audit --agent; microsoft-graph-cli security triage --since 24h --agent; microsoft-graph-cli managed-devices drift --days 30 --agent; microsoft-graph-cli groups risk --agent; microsoft-graph-cli tenant snapshot --agent; microsoft-graph-cli users list --top 50 --agent; microsoft-graph-cli pull; microsoft-graph-cli search "disk full" | Allow |
| Write (import escape hatch) | microsoft-graph-cli import | Preview with --dry-run, then a reviewed write |
| Destructive / config | No typed destructive command exists; the CLI exposes no delete or update path. Any irreversible change would require a write the typed commands do not provide | Human-in-the-loop only |
The skill drives the microsoft-graph-cli and microsoft-graph-mcp binaries, authenticating with a MICROSOFT_GRAPH_TOKEN read from the environment - never logged, never written to disk, never sent anywhere except the Microsoft Graph API. Every typed command is read-only: users, groups, directory roles, licenses, devices, managed devices, security alerts and incidents, and the cross-entity analytics change nothing. The single write path is the explicit import command (a JSONL-to-POST create path), which previews with --dry-run. The strongest control is the scope of the token you mint - grant read-only Graph scopes and the CLI can only read. Full details in governance.md.
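Since the token's scope is the strongest control, a pre-flight check on the token is worth having. The following is an added example, not part of the CLI: it decodes the token's claims and lists any permission that is not read-only before the token is handed to an agent. The read-only naming heuristic, the helper names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# OIDC scopes that can appear in delegated tokens and grant no Graph write access.
NEUTRAL = {"openid", "profile", "email", "offline_access"}

def token_claims(jwt):
    """Decode the JWT payload without verifying the signature (inspection only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted_permissions(claims):
    """App-only tokens carry permissions in 'roles', delegated tokens in 'scp'."""
    return set(claims.get("roles", [])) | set(claims.get("scp", "").split())

def is_read_only(permission):
    """Assumed heuristic: names look like Resource.Operation[.Constraint];
    only Read / ReadBasic operations pass, everything else fails closed."""
    if permission in NEUTRAL:
        return True
    parts = permission.split(".")
    return len(parts) >= 2 and parts[1] in ("Read", "ReadBasic")

def write_capable(jwt):
    """Return the permissions in the token that are not provably read-only."""
    perms = granted_permissions(token_claims(jwt))
    return sorted(p for p in perms if not is_read_only(p))

def fake_token(claims):
    """Build an unsigned token from constructed claims, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

# Constructed samples: the read scopes named on this page, then one with a write role.
READ_SCOPES = ["Directory.Read.All", "RoleManagement.Read.Directory",
               "SecurityAlert.Read.All", "DeviceManagementManagedDevices.Read.All"]
READ_ONLY = fake_token({"roles": READ_SCOPES})
OVER_SCOPED = fake_token({"roles": READ_SCOPES + ["Directory.ReadWrite.All"]})
DELEGATED = fake_token({"scp": "openid profile User.Read Mail.Send"})

if __name__ == "__main__":
    for name, tok in [("read-only", READ_ONLY), ("over-scoped", OVER_SCOPED), ("delegated", DELEGATED)]:
        print(name, write_capable(tok) or "OK: read-only")
```

Running `write_capable` on the value of `MICROSOFT_GRAPH_TOKEN` and refusing to start the agent on a non-empty result turns the recommended policy into an enforced gate.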
Frequently asked questions
Does this work with ChatGPT?
Yes, on paid ChatGPT plans. ChatGPT connects to remote MCP servers over HTTPS, so you expose the local Microsoft Graph MCP server via a secure bridge. Step-by-step in the install guide.
Do I need to know how to code?
No. Paste one sentence into Claude Code or Codex and your agent does the install, or run a one-line installer. You enter your credentials once.
Is my Microsoft 365 data safe?
Your data stays on your machine. The CLI, MCP server, and the local SQLite mirror are all local. The AI sees query results, not raw bulk data, and credentials are never bundled or transmitted by MSP Skills - the token is read from your environment and used only against the Microsoft Graph API.
Will this hit my Microsoft Graph throttling limits?
The local mirror exists so reads stop hitting Graph. After the first pull, the cross-entity views (licenses waste/orphans/map, admins audit, security triage, managed-devices drift, groups risk, tenant snapshot) run against local SQLite with zero API calls. Live calls follow @odata.nextLink and respect a --rate-limit throttle, and pull treats resources your token can’t reach as warnings, not failures.
Is this the replacement for the Microsoft Graph CLI (mgc) that’s being retired?
It is built as the lightweight successor for the MSP read-and-report core - directory, licensing, security, and device surfaces - as one cross-platform Go binary with no .NET or PowerShell runtime. Microsoft’s own recommended path is the PowerShell SDK; this is the option for teams who want a scriptable single binary and their AI agent instead. It is not affiliated with or endorsed by Microsoft.
Does it use a delegated or app-only token?
Either. Run auth login --tenant <id> --client-id <id> --client-secret <secret> to mint and cache an app-only (client-credentials) token for unattended MSP use, or export a pre-minted token as MICROSOFT_GRAPH_TOKEN. Read scopes such as Directory.Read.All, RoleManagement.Read.Directory, SecurityAlert.Read.All, and DeviceManagementManagedDevices.Read.All must be granted and admin-consented. App-only tokens have no /me, so users me is delegated-only.
What does it cost?
Free. Apache-2.0 licensed. You pay only for whichever AI agent you already use.
Status
Beta. Validated against the Microsoft Graph API surface and being validated with MSPs running it live against their own production tenants in our weekly Build Sessions.
Standards. Conforms to the open Agent Skills spec (Anthropic, Dec 2025; 40+ agents). MCP-compatible - works with any MCP-capable agent including Hermes. OpenClaw-ready (frontmatter pre-wired, awaiting OpenClaw launch).
Maintained by Servosity for the MSP community. Apache-2.0 licensed. Built with CLI Printing Press.