// SCAN REPORT

Outlook

43 tools. 23 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

23 can modify or destroy data
20 read-only
43 tools total

Community server · catalogue entry verified 11/06/2026

How to control Outlook ↓

TOOL MAP

What Outlook exposes to your agents

Read (20) Write / Execute (20) Destructive / Financial (2)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Outlook tools

Destructive · High outlook_delete_email This tool irreversibly deletes email data. Destructive · High outlook_delete_event Deleting calendar events is a destructive action that cannot be undone. Execute · High outlook_batch_process_emails Batch processing of emails can span multiple categories depending on the operations performed (archive, delete, move, categorize). Write · High outlook_reply_all This tool sends an email reply to all recipients of an existing message.

23 of Outlook's 43 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Outlook

PolicyLayer is an MCP gateway — it sits between your AI agents and Outlook, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "outlook_delete_email": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "outlook_categorize_email": {
    "limits": [
      {
        "counter": "outlook_categorize_email_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "outlook_check_availability": {
    "limits": [
      {
        "counter": "outlook_check_availability_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Outlook — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON OUTLOOK →

Free to start. No card required.

FULL CATALOGUE

All 43 Outlook tools

DESTRUCTIVE 2 tools
Destructive outlook_delete_email Delete an email (move to Deleted Items or permanently delete) Destructive outlook_delete_event Delete a calendar event
EXECUTE 1 tools
Execute outlook_batch_process_emails Perform bulk operations on multiple emails
WRITE 19 tools
Write outlook_categorize_email Apply categories to an email Write outlook_flag_email Flag or unflag an email for follow-up Write outlook_forward_email Forward an existing email to new recipients Write outlook_reply_all Reply to all recipients of an existing email Write outlook_reply_to_email Reply to an existing email Write outlook_add_attachment Add an attachment to an email draft Write outlook_archive_email Archive an email (move to Archive folder) Write outlook_create_draft Create an email draft without sending Write outlook_create_event Create a new calendar event in Outlook with optional Teams meeting integration Write outlook_create_folder Create a new email folder Write outlook_create_recurrence_helper Helper to create a recurring event with simplified inputs Write outlook_create_recurring_event Create a recurring calendar event Write outlook_mark_as_read Mark an email as read or unread Write outlook_move_email Move an email to a different folder Write outlook_rename_folder Rename an existing email folder Write outlook_respond_to_invite Respond to a meeting invitation Write outlook_schedule_online_meeting Schedule an online meeting (Teams/Skype) Write outlook_send_email Send an email through Outlook Write outlook_update_event Update an existing calendar event
READ 20 tools
Read outlook_check_availability Check availability for users Read outlook_check_calendar_permissions Check permissions for a calendar Read outlook_download_attachment Download a specific email attachment Read outlook_find_meeting_times Find optimal meeting times for attendees Read outlook_get_busy_times Get busy times for users Read outlook_get_calendar_view Get a view of a calendar for a specific time range Read outlook_get_email Get detailed information about a specific email Read outlook_get_event Get a specific calendar event Read outlook_get_folder_stats Get statistics for a specific folder Read outlook_get_sharepoint_file Fetch a SharePoint file using the same authenticated session as Outlook. Handles sharing links from emails. Ei Read outlook_list_attachments List all attachments for a specific email Read outlook_list_calendars List available calendars Read outlook_list_emails List emails from Outlook inbox or specified folder Read outlook_list_events List calendar events from Outlook Read outlook_list_folders List all email folders Read outlook_list_sharepoint_files List files in SharePoint sites or OneDrive folders using the same authenticated session Read outlook_scan_attachments Scan emails for large or suspicious attachments Read outlook_search_emails Search emails across all folders with advanced filters for analysis Read outlook_validate_event_datetimes Validate event start and end times Read outlook_resolve_sharepoint_link Resolve SharePoint sharing links from emails to get file metadata without downloading
OTHER 1 tools
Other outlook_build_recurrence_pattern Build a recurrence pattern object
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Outlook

Can an AI agent delete data through the Outlook MCP server? +

Yes. The Outlook server exposes 2 destructive tools including outlook_delete_email, outlook_delete_event. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Outlook? +

The Outlook server has 19 write tools including outlook_categorize_email, outlook_flag_email, outlook_forward_email. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Outlook.

How many tools does the Outlook MCP server expose? +

43 tools across 4 categories: Destructive, Execute, Read, Write. 20 are read-only. 23 can modify, create, or delete data.

How do I enforce a policy on Outlook? +

Register the Outlook MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Outlook tool call.

Deterministic rules across all 43 Outlook tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON OUTLOOK →

Free to start. No card required.

43 Outlook tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.