Microsoft 365 Integration
Access Outlook email, calendar, OneDrive files, To Do tasks, and contacts via Microsoft Graph (MS Graph API).
Access Microsoft 365 services (Outlook mail, calendar, OneDrive, To Do, and contacts) via Microsoft Graph API. Supports device-code login with cached auth and optional headless credentials for automation.
Why this rating
Deterministic checks triggered by the tool capabilities and evidence.
- Locality: Hybrid
Uses Microsoft Graph over the network and authenticates via device code or headless client credentials.
- Data access: Sensitive
Can access Outlook mail, calendars, files, tasks, and contacts tied to the user's Microsoft account.
- Action surface: Write
Includes sending email and creating calendar events and To Do tasks.
Best practices
Follow these steps to reduce risk when using this skill.
- Use least-privileged Graph permissions/scopes and prefer device-code login unless you truly need headless automation.
- Confirm recipients and message content before running `mail send`, and avoid sending sensitive attachments inadvertently.
- Protect client secrets (`MS365_MCP_CLIENT_SECRET`) and cached auth tokens; rotate/revoke if exposed.
Evidence links
Public sources backing the indicator assignments.
Always be careful when navigating away from the website.
Max-risk rule
If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.