
Microsoft Entra ID MCP Server for AI Agents

Production-ready Microsoft Entra ID MCP server with 67 extensible actions — plus built-in authentication, security, and optimized execution.

Built by StackOne

Coverage

67 Agent Actions

Create, read, update, and delete across Microsoft Entra ID — and extend your agent's capabilities with custom actions.

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your Microsoft Entra ID MCP server gets session-scoped tokens with zero credentials stored on your infra.


Security

Agent Protection

Every Microsoft Entra ID tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.


Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Microsoft Entra ID call.


What is the Microsoft Entra ID MCP Server?

A Microsoft Entra ID MCP server lets AI agents read and write Microsoft Entra ID data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Microsoft Entra ID MCP server ships with 67 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All Microsoft Entra ID MCP Tools and Actions

Every action from Microsoft Entra ID's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Users

  • Create User

    Create a new user in Microsoft Entra ID directory

  • List Users

    Retrieve a list of all users in the Microsoft Entra ID directory

  • Get User

    Retrieve the properties and relationships of a specific user by ID or userPrincipalName

  • Update User

    Update the properties of a user in Microsoft Entra ID

  • Delete User

    Delete a user from Microsoft Entra ID directory

Groups

  • Create Group

    Create a new group in Microsoft Entra ID

  • List Groups

    Retrieve a list of all groups in the Microsoft Entra ID directory

  • Get Group

    Retrieve the properties of a specific group by ID

  • Update Group

    Update the properties of a group in Microsoft Entra ID

  • Delete Group

    Delete a group from Microsoft Entra ID

Group Members

  • Add Group Member

    Add a member to a group

  • List Group Members

    Retrieve the members of a group

  • Remove Group Member

    Remove a member from a group

Organizations

  • List Organizations

    Retrieve a list of organizations (tenants) associated with the authenticated user

  • Get Organization

    Retrieve the properties of a specific organization (tenant) by ID

  • Update Organization

    Update the properties of a specific organization (tenant)

Applications

  • Create Application

    Create a new application registration in Microsoft Entra ID

  • List Applications

    Retrieve a list of application registrations in Microsoft Entra ID

  • Get Application

    Retrieve the properties of a specific application by ID

  • Update Application

    Update the properties of an application in Microsoft Entra ID

  • Delete Application

    Delete an application from Microsoft Entra ID

Directory Roles

  • List Directory Roles

    Retrieve a list of activated directory roles in Microsoft Entra ID

  • Get Directory Role

    Retrieve the properties of a specific directory role by ID

Directory Role Members

  • Add Directory Role Member

    Add a member to a directory role

  • List Directory Role Members

    Retrieve the members of a directory role

  • Remove Directory Role Member

    Remove a member from a directory role

Service Principals

  • Create Service Principal

    Create a new service principal for an application in Microsoft Entra ID

  • List Service Principals

    Retrieve a list of service principals (enterprise applications) in Microsoft Entra ID

  • Get Service Principal

    Retrieve the properties of a specific service principal by ID

  • Update Service Principal

    Update the properties of a service principal in Microsoft Entra ID

  • Delete Service Principal

    Delete a service principal from Microsoft Entra ID

Conditional Access Policies

  • Create Conditional Access Policy

    Create a new conditional access policy in Microsoft Entra ID

  • Get Conditional Access Policy

    Retrieve the properties of a specific conditional access policy by ID

  • Update Conditional Access Policy

    Update the properties of a conditional access policy in Microsoft Entra ID

  • Delete Conditional Access Policy

    Delete a conditional access policy from Microsoft Entra ID

Named Locations

  • List Named Locations

    Retrieve a list of named locations used in conditional access policies

  • Get Named Location

    Retrieve the properties of a specific named location by ID

  • Delete Named Location

    Delete a named location from Microsoft Entra ID

Domains

  • Create Domain

    Add a new domain to Microsoft Entra ID

  • List Domains

    Retrieve a list of domains associated with the Microsoft Entra ID tenant

  • Get Domain

    Retrieve the properties of a specific domain by domain name

  • Delete Domain

    Delete a domain from Microsoft Entra ID

Devices

  • List Devices

    Retrieve a list of devices registered in Microsoft Entra ID

  • Get Device

    Retrieve the properties of a specific device by ID

  • Update Device

    Update the properties of a device in Microsoft Entra ID

  • Delete Device

    Delete a device from Microsoft Entra ID

OAuth2 Permission Grants

  • Create OAuth2 Permission Grant

    Create a new OAuth2 permission grant (delegated permission consent)

  • List OAuth2 Permission Grants

    Retrieve a list of delegated permission grants in Microsoft Entra ID

  • Get OAuth2 Permission Grant

    Retrieve a specific OAuth2 permission grant by ID

  • Update OAuth2 Permission Grant

    Update an existing OAuth2 permission grant

  • Delete OAuth2 Permission Grant

    Delete an OAuth2 permission grant (revoke delegated permission consent)

Other (16)

  • Add App Role Assignment To Service Principal

    Grant an app role to a service principal

  • Create IP Named Location

    Create a new IP-based named location for conditional access

  • Create Country Named Location

    Create a new country-based named location for conditional access

  • List Role Templates

    Retrieve a list of all directory role templates in Microsoft Entra ID

  • List Service Principal App Role Assignments

    Retrieve app role assignments granted to a service principal

  • List Conditional Access Policies

    Retrieve a list of all conditional access policies in Microsoft Entra ID

  • List Domain Verification DNS Records

    Retrieve DNS records required to verify domain ownership

  • List Domain Service Configuration Records

    Retrieve DNS records needed for services using the domain

  • List Device Registered Owners

    Retrieve the registered owners of a device

  • List Device Registered Users

    Retrieve the registered users of a device

  • List Device Group Memberships

    Retrieve the groups that a device is a member of

  • List User App Role Assignments

    Retrieve app role assignments for a specific user

  • Remove App Role Assignment From Service Principal

    Remove an app role assignment from a service principal

  • Remove App Role From User

    Remove an app role assignment from a user

  • Verify Domain

    Verify a domain in Microsoft Entra ID

  • Assign App Role To User

    Assign an app role to a user

Set Up Your Microsoft Entra ID MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to Microsoft Entra ID in under 10 lines of code.

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

More Security MCP Servers

Cloudflare

137+ actions

OneLogin

109+ actions

Sentinel XS

69+ actions

Drata

57+ actions

JumpCloud

53+ actions

Rippling

37+ actions

Okta

32+ actions

Microsoft Entra ID MCP Server FAQ

Microsoft Entra ID MCP server vs direct API integration — what's the difference?

A Microsoft Entra ID MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Microsoft Entra ID. A Microsoft Entra ID MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Microsoft Entra ID at runtime. StackOne provides both.

How does Microsoft Entra ID authentication work for AI agents?

Microsoft Entra ID authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Microsoft Entra ID account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.

Are Microsoft Entra ID MCP tools vulnerable to prompt injection?

Yes — Microsoft Entra ID MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.

What is the context bloat of a Microsoft Entra ID agent and how do I avoid it?

Context bloat happens when Microsoft Entra ID tool schemas and API responses eat your Microsoft Entra ID agent's memory, preventing it from reasoning effectively. A single Microsoft Entra ID query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.

Can I limit which actions my Microsoft Entra ID agent can access?

Yes — you can limit which actions your Microsoft Entra ID agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.

Can I create custom agent actions for my Microsoft Entra ID MCP server?

Yes — you can create custom agent actions for your Microsoft Entra ID MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Microsoft Entra ID's API, generate production-ready connector YAML, test against the live API, and validate before you ship.

When should I NOT use a Microsoft Entra ID MCP server?

Skip a Microsoft Entra ID MCP server if your integration is purely software-to-software — direct Microsoft Entra ID API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Microsoft Entra ID actions at runtime.

What AI frameworks and AI clients does the StackOne Microsoft Entra ID MCP server support?

The StackOne Microsoft Entra ID MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.
