M365 Audit
БесплатноНе проверенExposes Microsoft 365 privacy/compliance audit checks as MCP tools, enabling natural language queries about tenant configuration, orphaned documents, Conditiona
Описание
Exposes Microsoft 365 privacy/compliance audit checks as MCP tools, enabling natural language queries about tenant configuration, orphaned documents, Conditional Access policies, DLP policies, and Copilot usage.
README
CI License: MIT Python Open in GitHub Codespaces
Docs: Getting started · Architecture · Customization · Evaluation · Diagrams · FAQ
Live demo: derekgallardo01.github.io/m365-audit-mcp — sample question + tool invocation + JSON response for each of the 5 tools, regenerated on every push.
Full-page capture (all 5 tools) →
An MCP server that exposes Microsoft 365 privacy / compliance audit checks as tools any MCP client (Claude Desktop, Cursor, VS Code, custom Agent SDK builds) can call.
Default backend is a realistic mocked tenant — so the server runs anywhere, zero credentials, zero setup. The production seam swaps to Microsoft Graph without changing the tool surface.
pip install -e .
m365-audit-mcp # runs the MCP server over stdio
python -m pytest -q # 11 unit tests covering every tool
Stdlib-only Python except for the mcp SDK itself. No real M365 tenant
required to develop against.
Run in Docker
docker build -t m365-audit-mcp .
docker run --rm m365-audit-mcp python -m pytest -q # run tests in the image
docker run --rm -i m365-audit-mcp # run the server (stdio)
For Claude Desktop / Cursor integration, prefer the pip install -e .
path on the host — MCP clients launch the server as a subprocess and
talk to it via pipes, which is awkward through Docker. The Dockerfile
is for CI, packaging, and remote-hosted deployments.
Example: production scenario
examples/tenant_health_report.py — Calls all 5 audit tools directly (skipping MCP transport) and builds an executive markdown tenant-health report with the top 3 priority actions surfaced
python examples/tenant_health_report.py
What it's for
When you're running an M365 / Copilot rollout, the questions that come up weekly are the same: "is our tenant configured correctly?", "what SharePoint documents are orphaned?", "are our Conditional Access policies actually enforcing or still in report-only?", "where is Copilot adoption stalling?"
This MCP server lets you chat them in Claude / Cursor instead of clicking through the M365 admin centre, and returns structured data the LLM can summarise, compare, or paste straight into a sign-off doc.
Tools
| Tool | What it returns | Typical question |
|---|---|---|
check_tenant_privacy_config |
Tenant metadata + per-item verification status mirroring the m365-privacy-config checklist | "Are we configured to keep client data in-tenant?" |
find_orphaned_documents |
Documents with no owner OR not accessed in N days, each with a recommendation | "What's at risk to leak into Copilot grounding?" |
audit_conditional_access_policies |
All CA policies; flags any not in enabled state |
"Are any of our policies still report-only?" |
list_dlp_policies |
DLP policies, optionally filtered by location | "What's covering Teams chats?" |
summarize_copilot_usage |
Tenant-wide or per-team Copilot adoption stats | "Where is rollout stalling?" |
Each tool returns JSON-serializable dicts. The LLM consumes them and turns them into natural language for the human, or chains tool calls (e.g. "list low-adoption teams, then for each one summarize their top prompts").
How to wire into Claude Desktop
Add to your Claude Desktop config:
{
"mcpServers": {
"m365-audit": {
"command": "m365-audit-mcp"
}
}
}
Restart Claude Desktop. The five tools appear in the tool list — Claude
can now answer questions like "summarize our tenant's privacy posture
and flag anything outstanding" by calling check_tenant_privacy_config
without any further prompting from you.
The exact same config shape works in Cursor, in custom Agent SDK builds, and in any MCP client that supports stdio transport.
Architecture
flowchart LR
C["MCP client<br/>(Claude Desktop / Cursor / SDK)"] <-->|stdio| S["FastMCP server<br/>src/m365_audit_mcp/server.py"]
S --> T["audit_tools.py<br/>(pure functions)"]
T --> B{"BACKEND"}
B -- "default" --> M["mock_data.py<br/>(realistic mocked tenant)"]
B -.->|"production swap"| G["Microsoft Graph client<br/>(yours to implement)"]
server.pyis a thin FastMCP wrapper — registers each tool, hands off to the pure function inaudit_tools.py.audit_tools.pydoes the work. Each function is testable directly without touching the MCP transport (that's how all 11 tests work).mock_data.pyreturns realistic tenant-shaped data. To swap in real Microsoft Graph, replace theBACKENDconstant inaudit_tools.pywith a Graph client wrapper that returns the same shape. No other code changes.
Bringing it to a real tenant
The BACKEND swap point in audit_tools.py is the single integration
point. A production replacement would:
- Implement a
GraphBackendclass with the same attributes (TENANT,PRIVACY_CONFIG,DOCUMENTS,CONDITIONAL_ACCESS_POLICIES, etc.) but populated from Microsoft Graph queries instead of constants. - Use an Entra ID app registration with the minimum scopes per tool
(
User.Read.All,Directory.Read.All,Policy.Read.All,Reports.Read.All,Sites.Read.All). - Cache aggressively — Graph quotas are real, and audit queries don't need second-by-second freshness.
The mocked default lets you develop and demo the integration into an agent (Claude Desktop or otherwise) without ever touching a real tenant.
What's inside
| Path | Purpose |
|---|---|
src/m365_audit_mcp/server.py |
FastMCP server registering 5 tools |
src/m365_audit_mcp/audit_tools.py |
Pure-function tool implementations |
src/m365_audit_mcp/mock_data.py |
Realistic mocked tenant data |
tests/test_audit_tools.py |
11 unit tests (each tool + edge cases) |
pyproject.toml |
Python packaging + m365-audit-mcp script entry |
Companion repos
- m365-privacy-config — the human-readable checklist this MCP server mirrors
- rag-over-docs-kit — pairs naturally if you want to ground answers in your own M365 docs in addition to the audit data
- copilot-studio-support-agent — the inverse pattern: an agent INSIDE M365, vs. this server SERVING M365 data to an agent outside it
Установка M365 Audit
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/derekgallardo01/m365-audit-mcpFAQ
M365 Audit MCP бесплатный?
Да, M365 Audit MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для M365 Audit?
Нет, M365 Audit работает без API-ключей и переменных окружения.
M365 Audit — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить M365 Audit в Claude Desktop, Claude Code или Cursor?
Открой M365 Audit на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare M365 Audit with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
