M365

19 tools. 0 can modify or destroy data without limits.

Read-only server. Low risk, but rate limits prevent runaway API costs.

Last updated:

0 can modify or destroy data
19 read-only
19 tools total

Community server · catalogue entry verified 03/07/2026

How to control M365 ↓

What M365 exposes to your agents

Read (19) Write / Execute (0) Destructive / Financial (0)

What can go wrong

Even read-only tools carry cost. An agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up bills.

How to control M365

PolicyLayer is an MCP gateway — it sits between your AI agents and M365, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "cal_get_event": {
    "limits": [
      {
        "counter": "cal_get_event_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register M365 — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON M365 →

Instant setup, no code required.

All 19 M365 tools

READ 19 tools
Read cal_get_event Get the full details of a specific calendar event by ID, including the full body/description. The event_id MUS Read cal_list_calendars List all calendars in the user\ Read cal_list_events List calendar events. Provide start_date and end_date to expand recurring events into individual occurrences ( Read mail_get_attachment Read the content of an email attachment. Automatically parses PDF, Word, Excel, PowerPoint, CSV, and HTML into Read mail_get_message Get full email details including body (HTML auto-converted to plain text), CC/BCC recipients, and attachment m Read mail_list_folders List mail folders in a Microsoft 365 mailbox with unread/total message counts. Supports browsing subfolders vi Read mail_list_messages List email messages from a Microsoft 365 mailbox. Returns subject, sender, date, and preview. Use Read od_get_file Get a file from your personal OneDrive by item_id. PDF, Word (.docx), Excel (.xlsx), PowerPoint (.pptx) are au Read od_list_files List files and folders in your personal OneDrive. Omit item_id for root folder, or provide a folder ID to brow Read od_my_drive Get your personal OneDrive info including drive ID and storage quota. Read od_recent List recently accessed files in your personal OneDrive. Useful for finding files you worked on recently. Read od_search Search for files in your personal OneDrive ONLY. For searching across SharePoint sites and all drives, use sp_ Read od_shared_with_me List files that others have shared with you via OneDrive. Read sp_get_file Get file content by drive_id + item_id. PDF, Word (.docx), Excel (.xlsx), PowerPoint (.pptx) are auto-parsed t Read sp_list_children List files and folders in a drive. Use for browsing folder contents. Provide item_id for a subfolder, or omit Read sp_list_drives List document libraries (drives) for a specific SharePoint site. REQUIRES site_id from sp_list_sites. Use this Read sp_list_sites List SharePoint sites accessible to the user. Returns site IDs needed for sp_list_drives. Use this when the us Read sp_search Search for files across ALL SharePoint sites and OneDrive. Returns file metadata and IDs, but NOT file content Read sp_search_read Search for a file and immediately return its content in one step. This is the EASIEST and MOST RELIABLE way to

Questions about M365

Is the M365 MCP server safe to use without restrictions? +

The M365 server is primarily read-only with 19 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the M365 MCP server expose? +

19 tools across 1 categories: Read. 19 are read-only. 0 can modify, create, or delete data.

How do I enforce a policy on M365? +

Register the M365 MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every M365 tool call.

Deterministic rules across all 19 M365 tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

19 M365 tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.