Microsoft 365 AI Platform

One secure Microsoft 365 layer for AI work.

Alterspective owns the deployment, auth boundary, and reporting layer so agents, dashboards, and operators can all reuse one governed Microsoft 365 platform instead of duplicating Graph integrations.

Entra OAuth 97 governed tools 3 report families

See AI Client Setup Open Reports Cockpit

Read the service story Choose the right interface Technical access details

Tool Surface

97 tools

Tool Families

6 families

Write Actions

Report Families

Rollout State

Entra OAuth

Per-user Microsoft Entra tokens are required for every hosted MCP session.

Reports: 3 persisted report families
Sync Mode: Operator-triggered only
Protocol: 2025-06-18

Platform Surface

97 visible of 97

97 tools are currently exposed across the full service catalog.

28 write-capable tools are currently available.

The platform is organized into governed tool families rather than one-off utilities.

core · 1
mail · 15
calendar · 10
files · 14
productivity · 24
collaboration · 33

Service Story

How the platform turns Microsoft 365 into reusable AI context.

The role of this service is bigger than exposing tools. It centralizes Microsoft 365 access, owns the auth boundary, reuses one Graph-backed core, and then serves the right interface for the right consumer: MCP for agents, API for apps, and reports UI for operators.

Centralize Microsoft 365 access

Mail, calendars, files, Teams, tasks, notes, contacts, and search come through one owned service instead of scattered one-off integrations.

Put auth and policy in one place

The service owns Entra auth, request policy, tool filtering, and reporting persistence so every consumer inherits the same controls.

Reuse one core across many interfaces

Agents use MCP, products use the API, and operators use the cockpit on top of the same Graph-backed core.

Turn raw SaaS activity into AI context

Instead of every assistant calling Graph directly, the platform packages reusable Microsoft 365 context for automation and products.

The storyline is intentional: connect once, govern once, reuse everywhere. That is how the service fits inside the wider Alterspective AI platform without spawning duplicated integrations.

AI Strategy

This is the Microsoft 365 integration layer in the stack.

It gives the business one owned gateway for Microsoft work activity. That means AI assistants, dashboards, and future products can all share the same service model instead of building separate Graph integrations, separate auth flows, or separate reporting logic.

Own the boundary

Replace third-party runtime dependency with an Alterspective-owned integration and auth layer.

Build once, surface many ways

One core powers tools, APIs, reporting, and operator workflows instead of duplicated code paths.

Make context portable

Microsoft 365 work data becomes reusable context for copilots, dashboards, and future AI products.

Move from experiments to platform

This is a product-grade platform component, not just a local MCP process for one user.

Architecture Storyboard

See the platform as one flow, not a pile of endpoints.

Microsoft 365 systems feed one Alterspective-owned platform layer. That layer governs auth, applies shared Graph logic, persists reporting state, and then exposes the right surface for agents, products, and operators.

Step 01

Capture Microsoft work signals once

Mail, meetings, files, collaboration, tasks, contacts, and search enter through one owned boundary instead of scattered point integrations.

Outlook & shared mailboxesCalendar & meeting loadOneDrive, SharePoint, ExcelTeams, Planner, To Do, contacts

Step 02

Govern, enrich, and persist them

The platform applies Entra OAuth, Graph service logic, request policy, and persisted report storage in one place.

Hosted OAuth and OBOShared Graph-backed servicesPolicy, filtering, and auditStored views, sync runs, and cursors

Step 03

Deliver the right surface for the job

Agents, dashboards, operators, and future products reuse the same service model instead of rebuilding Microsoft 365 access.

Hosted MCP for agentsAPI for dashboards and appsReports cockpit for operatorsFuture products on the same core

Security

One auth boundary

Per-user Entra identity and policy stay centralized instead of leaking into every client and dashboard.

Engineering

One shared core

MCP, API, reporting, and operator workflows all sit on the same Graph-backed services and runtime rules.

Operations

One place to prove it works

Health, reporting freshness, sync state, and service diagnostics stay visible in one hosted platform component.

Current Platform Surface

What the platform can already carry.

The service is already more than a hosted MCP endpoint. It combines a broad Microsoft 365 tool catalog, persisted reporting, and operator-facing runtime proof so teams can use one owned integration layer instead of stitching together separate products.

core

0 action tools and 1 read tools

mail

7 action tools and 8 read tools

calendar

4 action tools and 6 read tools

files

6 action tools and 8 read tools

productivity

8 action tools and 16 read tools

collaboration

3 action tools and 30 read tools

97 tools span 6 families, 3 persisted report families, and the current reporting sync mode is operator-triggered-delegated. Report refresh is intentionally operator-driven until a stronger unattended identity model is enabled.

Choose the Right Interface

Match the surface to the job, not the other way around.

Start with the user and the outcome. If an AI assistant needs governed tool calls, use hosted MCP. If a product needs structured report JSON, use the API. If a human needs to see what the platform is doing right now, use the reports cockpit. That keeps the platform understandable and keeps the code shared.

AI agents use hosted MCP

If Codex, Claude Code, or Gemini needs tool calls into Microsoft 365, the default path is the hosted ms365 server at /mcp.

Dashboards use the API

If a product needs structured JSON, persisted reports, or service telemetry, it should call /api/v1 instead of orchestrating MCP calls.

Operators use /reports

If a human needs to verify service state, inspect report freshness, or drive sync operations, the reports cockpit is the right entry point.

Local stdio still exists, but it is intentionally the fallback path for machine-local work or environments that cannot complete hosted OAuth.

Team Standard

Make the default path obvious for every team and tool.

The hosted service is the standard because it keeps auth, Graph access, reporting, and operational controls in one place. That lets teams move between Codex, Claude, Gemini, dashboards, and operator workflows without changing the Microsoft 365 integration story.

Team default

Hosted ms365 is the default path for Microsoft 365 AI work. Local stdio is fallback only.

One shared core

The UI, API, and MCP all sit on top of the same Graph-backed services so the team is not maintaining separate stacks.

Scope boundary

Read scope uses ms365_api.read. Admin actions use ms365_api.admin.

AI Client Playbooks

Pick your client. The hosted endpoint and service rules stay the same.

The client wrapper can change without changing the Microsoft 365 boundary. Keep the hosted service as the default for agent work, and keep the surrounding rules explicit so teams do not invent separate integration paths.

Keep hosted MCP as the default

Every AI client points at the same hosted ms365 endpoint, so auth, monitoring, and Graph access stay owned centrally.

Use API and reports on purpose

Dashboards should call the API, and humans should use the reports cockpit instead of teaching agents to emulate those workflows.

Treat local stdio as fallback

Machine-local use still exists, but the team-standard path is the hosted service so Microsoft 365 context is reusable across tools.

Hosted ms365 is the team default for Codex, Claude Code, and Gemini. The API and reports cockpit are supporting surfaces for dashboards, operators, and diagnostics, not replacements for agent tool calls.

Setup by Client

Switch clients without rewriting the Microsoft 365 integration story.

Start with the client you are using today. Each option below points back to the same owned hosted endpoint and the same operating rules, so the team stays aligned even when the shell or assistant changes.

Repo-centric engineering

Use Codex when the work lives inside the codebase.

Codex is strongest when engineering work needs Outlook, SharePoint, Teams, or reporting context without leaving the repo workflow.

Add the hosted ms365 endpoint once and let Codex reuse it across repos.
Prefer MCP tool calls for Microsoft 365 tasks instead of direct Graph scripts.
Keep dashboard and reporting concerns on /api/v1 and /reports rather than pushing them through agent tools.

Codex setup

Codex

codex mcp add ms365 --url https://ms365-mcp.alterspective.com.au/mcp

# or ~/.codex/config.toml
[mcp_servers.ms365]
url = "https://ms365-mcp.alterspective.com.au/mcp"

Governed coding assistant

Use Claude Code when you want repo-native agent workflows with the same hosted Microsoft 365 boundary.

Claude Code should inherit the same hosted security model as every other client so tool access stays governed and reviewable.

Point Claude Code at the hosted ms365 MCP server, not a separate local Microsoft 365 integration.
Reuse the same OAuth boundary and runtime policies as the rest of the team.
Use the reports cockpit for operators instead of building manual Claude-only verification steps.

Claude Code setup

Claude Code

claude mcp add --transport http ms365 https://ms365-mcp.alterspective.com.au/mcp

# or .mcp.json
{
  "mcpServers": {
    "ms365": {
      "type": "http",
      "url": "https://ms365-mcp.alterspective.com.au/mcp"
    }
  }
}

Alternative agent shell

Use Gemini CLI when Gemini needs the same owned Microsoft 365 context as the rest of the platform.

The wrapper changes, but the rule does not: authenticate Gemini against the same hosted endpoint and keep Microsoft 365 logic centralized.

Use the same hosted /mcp endpoint and trust model as Codex and Claude Code.
Authenticate once, then keep the service boundary consistent across clients.
Avoid separate point integrations that drift away from the owned platform behavior.

Gemini CLI setup

Gemini CLI

{
  "mcpServers": {
    "ms365": {
      "httpUrl": "https://ms365-mcp.alterspective.com.au/mcp",
      "trust": false
    }
  }
}

# then inside Gemini CLI
/mcp auth ms365

Team standard

Keep one rule across all AI clients.

Hosted MCP is the default for agent work. Use the API for dashboards and products, and use the reports cockpit for human operations.

The client can change without changing the Microsoft 365 integration story.
Local stdio remains available only when hosted OAuth is not practical.
Shared agent instructions should always point back to the hosted ms365 service first.

Shared agent instruction

Agent Instruction

Use the ms365 MCP server whenever the task involves Outlook, Calendar, OneDrive, SharePoint, Teams, Planner, To Do, contacts, or Microsoft 365 reporting. Prefer the hosted "ms365" server. Use /api/v1 or /reports only for dashboards, operator reporting, or troubleshooting, not for normal agent tool calls.

Technical Access

When you need the actual endpoints, start here.

The public landing page is for understanding the service. The details below are the implementation reference: hosted MCP for agents, the reporting API for dashboards, and the supporting health and OAuth metadata endpoints for diagnostics and client discovery.

Hosted MCP configuration

Hosted MCP Configuration

{
  "mcpServers": {
    "ms365": {
      "url": "https://ms365-mcp.alterspective.com.au/mcp",
      "type": "http"
    }
  }
}

Dashboard API example

Dashboard API Example

fetch("/api/v1/reports/overview", {
  headers: {
    "Authorization": "Bearer <ms365_api.read token>",
    "Accept": "application/json"
  }
})

Shared agent instruction

Agent Instruction

Use the ms365 MCP server whenever the task involves Outlook, Calendar, OneDrive, SharePoint, Teams, Planner, To Do, contacts, or Microsoft 365 reporting. Prefer the hosted "ms365" server. Use /api/v1 or /reports only for dashboards, operator reporting, or troubleshooting, not for normal agent tool calls.

Endpoints and Protocol

Everything important is still one click away.

Reports UI

/reports

Human-facing cockpit for hosted reporting, sync operations, and service validation.

Hosted MCP

https://ms365-mcp.alterspective.com.au/mcp

Use this for MCP initialize, tools/list, and tools/call on the owned team service.

Protected Resource Metadata

https://ms365-mcp.alterspective.com.au/.well-known/oauth-protected-resource/mcp

OAuth-capable MCP clients use this to discover the authorization server and the supported scopes.

Health

/health

Returns runtime state, auth mode, reporting status, and the current tool catalog summary for smoke checks.