Outlook MCP Server
A Model Context Protocol server bridging Claude to Microsoft Outlook + Teams (email, calendar, contacts, tasks, files, Teams meeting recordings + transcripts), deployed on Cloudflare Workers.
README
Outlook MCP Server
A Model Context Protocol server bridging Claude to Microsoft Outlook + Teams (email, calendar, contacts, tasks, files, Teams meeting recordings + transcripts), deployed on Cloudflare Workers.
Fork this repo, deploy to your own Cloudflare account, register a Microsoft Azure AD app, point Claude.ai at your worker, and Claude can read and write your Microsoft 365 data through natural language.
Built on @bashco/mcp-toolkit — OAuth, per-client bearer tokens, rate limiting, structured logging, typed tool dispatch are all handled by the shared library.
What Claude gets — 33 tools across 7 domains
- Mail: list emails, read email, search, reply, forward, delete, send, move between folders, create draft, update draft, send draft, schedule send
- Calendar: list events, list event occurrences, create, update, delete, cancel event, respond to event
- Contacts: list, create contact
- Tasks: list task lists, list tasks, create task
- Files: list files, share file
- Teams meetings: list recent recordings (the discovery starting point — finds meetings that have content in the past N days, no inputs needed), find online meeting, list meeting recordings, list meeting transcripts, get transcript content. Each per-meeting tool accepts any of
meeting_id,calendar_event_id, orjoin_url— so scheduled meetings (resolved via event), ad-hoc / Meet-now calls (resolved via join URL pasted from the Teams chat), and direct id lookups all work. - Conversation: get conversation (full thread)
- Settings: get mailbox settings, set out-of-office
Full live catalogue at the tools/list MCP endpoint after deploy.
How auth works
Two layers:
- Claude.ai ↔ your worker — standard MCP OAuth 2.0 + PKCE flow. Each Claude client gets a unique bearer token; your
MCP_APPROVAL_CODEis what you paste at/authorizeonce to mint that bearer. - Your worker ↔ Microsoft Graph — proxied OAuth. You authorise Microsoft once by visiting
/oauth/starton your deployed worker; refresh tokens are stored encrypted at rest in Cloudflare KV. Refresh happens automatically.
Setup — deploy your own copy
Prerequisites
- A Cloudflare account (free plan works)
- Wrangler CLI installed and logged in (
wrangler login) - Node.js 22+
- A Microsoft account (personal, work, or school) with access to register Azure AD apps at entra.microsoft.com
1. Fork and clone
git clone https://github.com/<your-username>/outlook-mcp
cd outlook-mcp
npm install
2. Create the KV namespace
wrangler kv:namespace create OAUTH_KV
Wrangler prints something like:
🌀 Creating namespace with title "outlook-mcp-OAUTH_KV"
✨ Success! Add the following to your configuration file:
[[kv_namespaces]]
binding = "OAUTH_KV"
id = "abc123def456..."
Edit wrangler.jsonc and replace the existing id under kv_namespaces with what wrangler just printed.
3. Register a Microsoft Azure AD app
-
Go to entra.microsoft.com → Identity → Applications → App registrations → New registration
-
Name: anything (e.g. "Claude Outlook MCP")
-
Supported account types:
- "Accounts in this organizational directory only" if you want to restrict to one tenant
- "Accounts in any organizational directory and personal Microsoft accounts" for the broadest support
-
Redirect URI: leave blank for now — you'll come back after Step 6
-
Click Register
-
From the app's Overview page, record:
- Application (client) ID → this is your
MICROSOFT_CLIENT_ID - Directory (tenant) ID → this is your
MICROSOFT_TENANT_ID(or use the stringcommonfor multi-tenant + personal account support)
- Application (client) ID → this is your
-
API permissions → Add the following Microsoft Graph delegated permissions:
Mail.ReadWrite,Mail.SendCalendars.ReadWriteContacts.ReadWriteTasks.ReadWriteFiles.Read.All(orFiles.ReadWrite.Allif you want write-capable file tools)User.Readoffline_access(required for refresh tokens)MailboxSettings.ReadWriteSites.Read.AllOnlineMeetings.ReadOnlineMeetingRecording.Read.All— admin consent requiredOnlineMeetingTranscript.Read.All— admin consent required
After adding the two
.Read.Allpermissions, click "Grant admin consent for [tenant name]" on the API permissions page. Without admin consent, the meeting recording / transcript tools will 403. -
Certificates & secrets → New client secret → record the value (in 1Password). This is your
MICROSOFT_CLIENT_SECRET. You can only see it once — copy immediately.
4. Update wrangler.jsonc
Edit wrangler.jsonc and replace both:
vars.MICROSOFT_CLIENT_ID— with the Application ID from Step 3.6vars.MICROSOFT_TENANT_ID— with the Directory ID from Step 3.6 (orcommon)
5. Set secrets
Generate a fresh approval code:
openssl rand -base64 32
Store it in a password manager, then push to Cloudflare:
wrangler secret put MCP_APPROVAL_CODE # paste the value from above
wrangler secret put MICROSOFT_CLIENT_SECRET # from Step 3.8
| Secret | Purpose |
|---|---|
MCP_APPROVAL_CODE |
One-time code you paste at /authorize to mint a Claude bearer. Also used as the encryption secret for upstream Microsoft tokens at rest — rotating it invalidates stored tokens and forces clean Microsoft re-auth. |
MICROSOFT_CLIENT_SECRET |
Your Azure AD app's client secret. |
6. First deploy (to learn worker URL)
npm run deploy
Wrangler prints your worker URL — something like https://outlook-mcp.<your-account>.workers.dev. Save it.
7. Update WORKER_URL and the Microsoft redirect URI
Two updates needed:
a) Edit wrangler.jsonc — under vars, replace WORKER_URL with the URL from Step 6.
b) In the Azure AD app (entra.microsoft.com → your app → Authentication → Add a platform → Web), set the redirect URI to <your-worker-url>/oauth/callback. Without this, Microsoft will reject the OAuth flow.
Then redeploy:
npm run deploy
8. Connect Microsoft (one time)
In your browser, visit <your-worker-url>/oauth/start. Paste your MCP_APPROVAL_CODE. You'll be redirected to Microsoft to sign in and grant the scopes from Step 3.7. After consenting, your encrypted upstream tokens land in OAUTH_KV. Refresh happens automatically thereafter.
You can confirm the connection by visiting <your-worker-url>/oauth/status — should say connected: true.
9. Connect Claude.ai
- In Claude.ai, go to Settings → Integrations → Add MCP server
- Server URL:
<your-worker-url>/mcp - Claude.ai redirects you to your worker's
/authorizepage - Paste your
MCP_APPROVAL_CODEand confirm - You're connected — Claude now has the 33 Outlook + Teams tools available
Local development
cp .dev.vars.example .dev.vars # fill in MCP_APPROVAL_CODE + MICROSOFT_CLIENT_SECRET; .dev.vars is gitignored
npm test # 48 tests via vitest with workers pool
npm run typecheck # tsc --noEmit
npm run dev # wrangler dev — local at http://localhost:8787
Endpoints
GET /.well-known/oauth-authorization-server— OAuth metadata (public)GET /.well-known/oauth-protected-resource— Resource metadata (public)GET /authorize— Approval-code paste page (public)POST /approve— Approval-code submission (rate-limited)POST /token— OAuth token exchange (rate-limited)POST /register— Dynamic client registration per RFC 7591 (rate-limited)GET /oauth/start— Begin Microsoft OAuth flow (gated by MCP_APPROVAL_CODE)GET /oauth/callback— Microsoft OAuth redirect targetGET /oauth/status— Check connection state (gated by MCP_APPROVAL_CODE)POST /mcp— JSON-RPC tool dispatch (bearer-protected, rate-limited)
Stack
- Cloudflare Workers (compatibility_date
2025-04-28,nodejs_compat) - TypeScript (strict)
- Hono v4
- Zod v4
- Vitest with
@cloudflare/vitest-pool-workers(48 tests) @bashco/mcp-toolkit— shared OAuth/crypto/rate-limit/dispatch plumbing
Security architecture highlights
- Two-pass HTML sanitiser with entity normalisation on outbound email previews
- SSRF guard with 32-bit-IP normalisation on outbound HTTP
- Microsoft Graph odata error envelope parsing for structured error returns
- Per-domain tool files under
src/tools/(mail, calendar, contacts, tasks, files, meetings, settings) for auditability
Continuous deployment
.github/workflows/deploy.yml runs vitest run on every push to main, then deploys to Cloudflare. To enable on your fork, set two repository secrets:
CLOUDFLARE_API_TOKEN— create at dash.cloudflare.com/profile/api-tokens (use the "Edit Cloudflare Workers" template)CLOUDFLARE_ACCOUNT_ID— find at the bottom-right of your Cloudflare dashboard
Contributing
Issues and PRs welcome at github.com/doublebash/outlook-mcp.
For changes to the underlying OAuth/crypto/rate-limit code, the toolkit lives at github.com/doublebash/mcp-toolkit — file issues there.
Security
Found a vulnerability? Please don't open a public issue. Open a private security advisory on GitHub.
License
MIT — Copyright (c) 2026 Bashar Basheer.
推荐服务器
Baidu Map
百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Playwright MCP Server
一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。
Magic Component Platform (MCP)
一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。
Audiense Insights MCP Server
通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。
VeyraX
一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。
graphlit-mcp-server
模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。
Kagi MCP Server
一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。
e2b-mcp-server
使用 MCP 通过 e2b 运行代码。
Neon MCP Server
用于与 Neon 管理 API 和数据库交互的 MCP 服务器
Exa MCP Server
模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。