Microsoft Entra ID MCP Server
MCP server for Microsoft Entra ID via Graph API: users, sign-in logs, MFA status, and privileged users.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Microsoft Entra ID MCP Server, derived from its capabilities.
AIVSS 8.9 · High
View MAESTRO 7-layer threat model →Overview
A Python MCP server that interacts with Microsoft Entra ID (Azure AD) through Microsoft Graph, supporting advanced queries over users, groups, devices, sign-in logs, MFA status, and privileged accounts. Because it can read directory and security-sensitive identity data, the Graph app permissions it is granted are the primary risk surface.
Key features
- Query users, groups, and devices
- Sign-in logs and MFA status
- Privileged-user and security operations
Use cases
- Identity and access investigations with an agent
- Auditing MFA and privileged accounts