subagentcowork

.com 87 pages

Connect to Microsoft 365

Give Claude access to your organization's Outlook, OneDrive, SharePoint, and Teams data through a connector you register in your own Microsoft Entra tenant.

The remote connector is hosted by Anthropic. Data in transit passes through Anthropic's infrastructure, which is based in the United States. Anthropic does not collect or store any data that transits through the server. To keep all Microsoft 365 traffic between the user's device and Microsoft instead, use the [local connector](#local-connector).

When Cowork is deployed on third-party inference, Claude can read your organization's Microsoft 365 data (Outlook mail and calendar, OneDrive, SharePoint, and Teams) through a connector registered in your own Microsoft Entra tenant. Two connectors are available: a remote connector hosted by Anthropic, and a local connector built into the desktop app.

Choose a connector

Both connectors provide the same read and search tools; they differ in data path and authentication. Use this table to pick one, then follow that connector's section below.

Remote connector Local connector
Microsoft 365 data path Transits Anthropic's infrastructure (no storage) Stays between the user's device and Microsoft
App registrations you own One desktop client app, plus tenant consent to Anthropic's connector app One dedicated public client app
Token exchange On-behalf-of exchange in Anthropic's infrastructure Tokens acquired and stored on the device
Allowlisting with Anthropic Required (two to three business days) Not needed
Device egress login.microsoftonline.com and the connector host login.microsoftonline.com and graph.microsoft.com
Device-based Conditional Access Not supported (the server-side exchange has no device identity) Supported on managed Windows and Mac devices through brokered sign-in
US Government clouds Separate connector deployment; contact your Anthropic representative Built in; set azureCloud

Remote connector

When Cowork is deployed on third-party inference, Claude can read your organization's Microsoft 365 data—Outlook mail and calendar, OneDrive, SharePoint, and Teams—through Anthropic's Microsoft 365 connector service. The desktop app authenticates with an app registration you create in your own Microsoft Entra tenant, and the connector service performs the Microsoft Graph calls on the signed-in user's behalf.

Anthropic's connector service receives the desktop's delegated access token on each request and exchanges it on-behalf-of the user for a short-lived Graph token. Neither token is persisted server-side beyond the request, and Anthropic never holds your tenant's client secrets or the user's refresh token (the refresh token stays encrypted on the user's device).

Setup takes about fifteen minutes and requires a Global Administrator or Cloud Application Administrator in your Entra tenant.

How the connection works

Three applications participate in the sign-in chain. Understanding which one each ID refers to makes the setup steps below easier to follow.

Application Owner Purpose
Desktop client app You (registered in your tenant) What Claude Desktop signs in as. Public client, PKCE, no secret.
Anthropic connector app Anthropic (multi-tenant) Receives the desktop's token and calls Microsoft Graph on the user's behalf.
Microsoft Graph Microsoft The Microsoft 365 data APIs.

Claude Desktop signs in through your desktop client app, receives a token scoped to the Anthropic connector app, and sends that token to Anthropic's connector service. The connector service exchanges it for a Graph token using the on-behalf-of flow and makes Graph calls as the signed-in user.

Set up the remote connector

The four steps below cover tenant consent, app registration, allowlisting, and desktop configuration.

**Consent the Anthropic connector app into your tenant**

A tenant administrator must consent to Anthropic's multi-tenant connector app once for the organization. This creates a service principal in your tenant; no secret is exchanged.

Open the following URL after replacing `YOUR_TENANT_ID` with the Directory (tenant) ID shown in **Entra admin center → Overview**.

```text theme={null}
https://login.microsoftonline.com/YOUR_TENANT_ID/adminconsent?client_id=07c030f6-5743-41b7-ba00-0a6e85f37c17
```

The consent screen lists the delegated Microsoft Graph permissions the connector requests. All are read-only:

| Scope                                     | Purpose                                                     |
| ----------------------------------------- | ----------------------------------------------------------- |
| `User.Read`                               | Read the signed-in user's profile                           |
| `Mail.Read`, `Mail.Read.Shared`           | Read mail in the user's and shared mailboxes                |
| `Calendars.Read`, `Calendars.Read.Shared` | Read events in the user's and shared calendars              |
| `Files.Read.All`                          | Read files the user can access in OneDrive and SharePoint   |
| `Sites.Read.All`                          | Read SharePoint site content the user can access            |
| `Chat.Read`, `ChatMessage.Read`           | Read Teams chat messages the user can access                |
| `offline_access`                          | Allow the desktop to refresh its token without re-prompting |

Review the permissions and select **Accept**.

> [!NOTE]

FedRAMP and GovCloud deployments use a different connector app ID and a different connector service hostname. Contact your Anthropic representative for the app ID to use in this URL and in the scope string in step 4, and for the connector URL to use in step 4.

Register a desktop client app in your tenant

Create the public client that Claude Desktop will sign in as.

1. In **Entra admin center → App registrations → New registration**, set **Name** to `Claude Desktop` (or your preferred name), set **Supported account types** to *Accounts in this organizational directory only*, and add a **Redirect URI** of platform *Mobile and desktop applications* with the value `http://127.0.0.1/callback`.
2. Select **Register**, then note the **Application (client) ID** and **Directory (tenant) ID** shown on the overview page.
3. Under **API permissions → Add a permission → APIs my organization uses**, search for `Anthropic` (or paste the connector app ID from step 1), select **Delegated permissions → access\_as\_user**, then **Add permissions**.
4. Select **Grant admin consent for \{your organization}**.

No client secret is needed; this is a public client that uses PKCE.

Send Anthropic your IDs

Anthropic maintains an allowlist of tenant and client IDs that may call the connector service. Email your Anthropic representative, or open a support ticket, with your Directory (tenant) ID and the Application (client) ID from step 2. Allowlisting is typically completed within two to three business days, as it requires a connector service deployment.

Until the allowlist is updated, sign-in will succeed but the connector returns *Client application is not authorized for this resource*.

Configure Claude Desktop

In the Claude Desktop setup window, open Connectors & extensions, select Add server → Microsoft 365, and enter the values below.

| Field     | Value                                                                      |
| --------- | -------------------------------------------------------------------------- |
| Client ID | The Application (client) ID from step 2                                    |
| Tenant ID | Your Directory (tenant) ID                                                 |
| Scope     | `api://07c030f6-5743-41b7-ba00-0a6e85f37c17/access_as_user offline_access` |

Select **Save**, then deploy the configuration through your device-management tool as usual.

If you manage configuration through JSON or a plist directly instead of the setup window, add the following entry to [`managedMcpServers`](/cowork/3p/configuration#managedmcpservers).

```json theme={null}
{
  "name": "m365",
  "url": "https://microsoft365.mcp.claude.com/mcp",
  "transport": "http",
  "oauth": {
    "clientId": "APPLICATION_CLIENT_ID_FROM_STEP_2",
    "tenantId": "DIRECTORY_TENANT_ID",
    "scope": "api://07c030f6-5743-41b7-ba00-0a6e85f37c17/access_as_user offline_access"
  }
}
```

Sign in as a user

After the configuration is deployed, each user opens Settings → Connectors in Claude Desktop and selects Connect next to Microsoft 365. Their browser opens to your tenant's sign-in page; once they consent, the connector is ready to use in conversations.

Allow the required network hosts

In addition to the base egress hosts, Claude Desktop needs outbound HTTPS access to the hosts below. The connector service itself calls graph.microsoft.com from Anthropic's infrastructure, so user devices do not need egress to Graph.

Host Purpose
login.microsoftonline.com Microsoft Entra sign-in
microsoft365.mcp.claude.com The connector service (substitute your deployment's hostname)

Troubleshoot sign-in errors

The errors below are the ones most commonly seen during setup. Each maps to a specific step that was missed or misconfigured.

Error Cause Fix
AADSTS50011 redirect mismatch Redirect URI is not exactly http://127.0.0.1/callback, or was registered under Web instead of Mobile and desktop applications Re-check step 2.1
AADSTS50194 multi-tenant required Tenant ID is missing from the configuration Add Tenant ID in step 4
AADSTS65001 admin consent required Step 1 was not completed, or step 2.4 was skipped Complete admin consent
Client application is not authorized for this resource Anthropic allowlist not yet updated Wait for confirmation from step 3
AADSTS9000411 duplicate prompt parameter Older Claude Desktop build Upgrade to the current release

Local connector

Claude Desktop includes a built-in copy of the Microsoft 365 server. As an alternative to the remote connector, you can configure the app to run that server as a local process on each user's machine: the user signs in to Microsoft Entra on the device, and the server calls Microsoft Graph directly from the device. No Microsoft 365 data or tokens pass through Anthropic's infrastructure.

Choose the local connector when your data-residency requirements do not allow Microsoft 365 content to transit infrastructure outside your control, when your tenant enforces device-based Conditional Access policies (such as Require compliant device) that the remote connector's server-side token exchange cannot satisfy, or when you want to avoid the allowlisting step. The comparison table above summarizes the differences.

Set up the local connector

**Register a public client app for local mode**

[!WARNING] Do not reuse the desktop client app you registered for the remote connector. That app is consented only for the connector's own scope, so its tokens can reach nothing but the connector service. The local-mode app needs Microsoft Graph permissions directly, and adding those to the remote connector app's client ID would let any token minted for it read Microsoft 365 data directly, tenant-wide. Register a separate app dedicated to local mode.

1. In **Entra admin center → App registrations → New registration**, set **Name** to `Claude Desktop M365 Local` (or your preferred name) and set **Supported account types** to *Accounts in this organizational directory only*.
2. Under **Authentication → Add a platform → Mobile and desktop applications**, add a redirect URI of `http://localhost`. This is the standard loopback redirect for desktop apps: during browser sign-in, Microsoft Entra redirects to a listener on the device itself, so the response never leaves the machine. For brokered sign-in on managed devices, also add the per-platform broker redirect URI shown under [How users sign in](#how-users-sign-in).
3. Leave **Allow public client flows** set to **No**. The local connector's sign-in flows do not need it, and leaving it off prevents device-code phishing against this registration.
4. Under **API permissions → Add a permission → Microsoft Graph → Delegated permissions**, add the scopes the connector will request (the default set is listed under [Configure scopes](#configure-scopes)), then select **Grant admin consent for \{your organization}**.
5. Note the **Application (client) ID** and **Directory (tenant) ID** from the overview page.

Configure Claude Desktop

In the Claude Desktop setup window, open Connectors & extensions, select Add server, and choose Microsoft 365 under the Built-in group. Enter the values below, then select Test connection to verify that the server starts and lists its tools, and select Save.

| Field       | Value                                                                                                       |
| ----------- | ----------------------------------------------------------------------------------------------------------- |
| Tenant ID   | Your Directory (tenant) ID                                                                                  |
| Client ID   | The Application (client) ID from step 1                                                                     |
| Azure cloud | `global` (default), `us-gov-high`, or `us-gov-dod`                                                          |
| Access      | Leave empty for standard read access, or list scopes explicitly (see [Configure scopes](#configure-scopes)) |

If you manage configuration through JSON or a plist directly, add an entry to [`managedMcpServers`](/cowork/3p/configuration#managedmcpservers) with the `server` field set to `microsoft365`:

```json theme={null}
{
  "name": "Microsoft 365",
  "server": "microsoft365",
  "tenantId": "DIRECTORY_TENANT_ID",
  "clientId": "APPLICATION_CLIENT_ID_FROM_STEP_1"
}
```

| Field        | Required | Description                                                                                                                                                                   |
| ------------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `name`       | Yes      | Unique display name, shown to users in connector settings.                                                                                                                    |
| `server`     | Yes      | Must be `microsoft365`. Built-in entries use this field instead of `url`, `transport`, or `command`; an entry that mixes `server` with those fields is rejected.              |
| `clientId`   | Yes      | The Application (client) ID of the local-mode app from step 1.                                                                                                                |
| `tenantId`   | Yes      | Your Directory (tenant) ID.                                                                                                                                                   |
| `azureCloud` | No       | `global` (default), `us-gov-high`, or `us-gov-dod`. Selects the Microsoft Entra and Microsoft Graph hosts for US Government clouds.                                           |
| `scope`      | No       | Space-separated delegated Graph scopes to request instead of the default read set. A string array named `scopes` is also accepted. See [Configure scopes](#configure-scopes). |
| `toolPolicy` | No       | Per-tool approval locks, the same as for any managed server. See [`toolPolicy`](/cowork/3p/configuration#toolpolicy).                                                         |

The server ships inside the app, so nothing else needs to be installed on the device, and it activates only from managed configuration; users cannot add it themselves. Deploy the configuration through your device-management tool as usual.

Allow the required network hosts for local mode

The local connector calls Microsoft directly from the device, so in addition to the base egress hosts, devices need outbound HTTPS access to:

| Host                        | Purpose                   |
| --------------------------- | ------------------------- |
| `login.microsoftonline.com` | Microsoft Entra sign-in   |
| `graph.microsoft.com`       | Microsoft Graph data APIs |

US Government cloud deployments use `login.microsoftonline.us` and `graph.microsoft.us` (or `dod-graph.microsoft.us` for `us-gov-dod`) instead, matching the `azureCloud` setting. GCC High (`us-gov-high`) support has been confirmed in customer deployments. No egress to any Anthropic host is needed for Microsoft 365 data with the local connector.

Configure scopes

With no scope field, the connector requests the standard read set at sign-in: every read scope a user can consent to for themselves.

Scope Purpose
User.Read Read the signed-in user's profile
Mail.Read, Mail.Read.Shared Read mail in the user's and shared mailboxes
Calendars.Read, Calendars.Read.Shared Read events in the user's and shared calendars, and find meeting times
Files.Read.All Read files the user can access in OneDrive and SharePoint
Sites.Read.All Read SharePoint site content the user can access
Chat.Read Read Teams chat messages the user can access
OnlineMeetings.Read Read the user's online meetings
offline_access Refresh tokens without re-prompting

To request a different set, list scopes in the entry's scope field. The connector then requests exactly that list (plus User.Read and offline_access, which are always included), so you can narrow the read surface or add the two scopes that require tenant-admin consent:

  • ChannelMessage.Read.All adds Teams channel messages to chat search results.
  • OnlineMeetingTranscript.Read.All enables reading meeting transcripts.

Until those two are granted, chat search omits channel results and transcript requests return a permission error. Whatever you list must also be consented on the app registration from step 1; keep the two lists in sync.

The scope field accepts only scopes the connector can use. An entry containing an unrecognized scope name is rejected as a whole at configuration load, with an error in the app's main log listing the valid names, and the connector does not appear.

[!NOTE] Narrowing or removing scope shrinks what the connector requests at the next sign-in, but it does not narrow tokens already obtainable for the registration: Microsoft Entra issues tokens carrying every scope previously consented for the app, regardless of what is requested. To revoke access, remove the consent in Entra under Enterprise applications → your app → Permissions.

The connector provides these tools:

Tool What it does
outlook_email_search Search Outlook mail
outlook_calendar_search Search calendar events
find_meeting_availability Find free meeting times
chat_message_search Search Teams chat (1:1 and group; channel messages need ChannelMessage.Read.All)
sharepoint_search, sharepoint_folder_search Search SharePoint and OneDrive
read_resource Fetch a specific item, such as a message, event, or file

The connector is read-only.

How users sign in

After the configuration is deployed, the connector appears in Settings → Connectors in Claude Desktop. Sign-in starts when the user selects Connect.

On both Windows and macOS, sign-in goes through the device's native authentication broker when the device is set up for it: a system account-picker dialog appears instead of the browser, and the issued tokens carry the device identity claim that device-based Conditional Access policies (such as Require compliant device) evaluate. When the broker is unavailable, sign-in opens the system browser instead. The requirements for each platform are listed below.

Browser sign-in works on tenants without device-based Conditional Access policies. It satisfies device policies only when the browser itself carries the device identity: on Windows, a browser signed in with the work account on an Entra-joined device (such as Microsoft Edge) provides this; on macOS, deploy Microsoft's Enterprise SSO browser integration, or use brokered sign-in instead.

Brokered sign-in on Windows requires Claude Desktop version 1.13576.0 or later.
* Windows 10 or later (desktop editions). The broker (Web Account Manager, or WAM) is built into Windows; no separate install is needed.
* The device is joined or registered to Entra ID (Entra joined, Entra hybrid joined, or Entra registered). For device-based Conditional Access, the device must also be marked compliant in Intune or hybrid-joined, as your policy requires.
* The broker redirect URI is registered on the local-mode app under **Mobile and desktop applications**, with `APPLICATION_CLIENT_ID` replaced by the Application (client) ID from step 1:

```text theme={null}
ms-appx-web://Microsoft.AAD.BrokerPlugin/APPLICATION_CLIENT_ID
```

If the broker rejects the app's sign-in request, or a brokered attempt fails with an error the broker cannot recover from, the connector falls back to the system browser automatically and stays on the browser flow until Claude Desktop restarts. A user canceling the broker dialog does not trigger the fallback. On tenants that require a compliant device, tool calls then fail with `AADSTS53003`, unless the browser itself carries the device identity (see above); fix the broker requirement that caused the fallback (most often a missing broker redirect URI) and restart the app. A fallback is recorded in the connector's log file as a `local_auth_broker_fallback` event.
* The Mac is enrolled in an MDM (Intune, Jamf, or similar), registered in Entra ID, and marked compliant. For non-Intune MDMs, use the partner device-compliance integration that reports compliance to Intune and Entra. * **Intune Company Portal** is installed; it provides the broker. * An **Extensible SSO** configuration profile of type **Redirect**, pointed at the Microsoft Enterprise SSO plug-in, is deployed through MDM. The broker is unavailable without it. * The broker redirect URI is registered on the local-mode app under **Mobile and desktop applications**:
```text theme={null}
msauth.com.anthropic.claudefordesktop://auth
```

If the broker rejects the app's sign-in request, or a brokered attempt fails with an error the broker cannot recover from, the connector falls back to the system browser automatically and stays on the browser flow until Claude Desktop restarts. A user canceling the broker dialog does not trigger the fallback. On tenants that require a compliant device, tool calls then fail with `AADSTS53003`, unless the browser itself is signed in through the device's SSO integration; fix the broker requirement that caused the fallback (most often a missing broker redirect URI or SSO profile) and restart the app. A fallback is recorded in the connector's log file as a `local_auth_broker_fallback` event.

Token storage and sign-out

The connector's Entra tokens are stored on the device, encrypted by Claude Desktop using the operating system's secure storage. Each configured entry has its own token store, and tokens persist across app restarts so users are not asked to sign in again each session.

Selecting Disconnect next to the connector signs the user out and deletes its stored tokens. Where the user signed in through the broker, the device's work or school account itself is managed by the operating system and remains after Disconnect, as with any other brokered app; remove the account in Windows Settings (Accounts → Access work or school) or macOS Company Portal, or revoke the user's sessions in Entra, to end access entirely (revocation takes effect once the current access token expires).

Troubleshoot the local connector

Symptom Cause Fix
Test connection reports that the built-in server is not included The installed Claude Desktop version predates the built-in connector Upgrade Claude Desktop
Microsoft 365 is missing from the Add server options The installed Claude Desktop version predates the built-in connector Upgrade Claude Desktop, or author the JSON entry directly
Connector missing from settings The entry was rejected during configuration parsing: an unrecognized scope name in scope, a missing tenantId or clientId, or a url, transport, or command field mixed into the entry Check the app's main log for a line naming the dropped entry
Sign-in opens the browser on a managed device where the broker was expected macOS: Company Portal is not installed, the SSO configuration profile is not deployed, or the broker redirect URI is not registered. Windows: Claude Desktop is older than 1.13576.0, the device is not Entra-joined or Entra-registered, or the broker redirect URI is not registered Re-check the brokered sign-in requirements above
AADSTS50011 redirect mismatch The http://localhost redirect URI is missing, or was registered under Web instead of Mobile and desktop applications Re-check step 1.2
AADSTS65001 admin consent required Graph delegated permissions were not admin-consented Re-check step 1.4
AADSTS53003 blocked by Conditional Access A device-compliance policy is evaluating a sign-in that carries no device claim Meet the brokered sign-in requirements for the platform, then restart Claude Desktop
Tools return a permission error or Graph 403 A scope the tool needs is not consented on the app registration, or is excluded by an explicit scope list Add the scope in both places and grant admin consent

The connector writes its sign-in and Microsoft Graph errors to its own log file in the Claude Desktop logs directory (~/Library/Logs/Claude-3p/ on macOS, %LOCALAPPDATA%\Claude-3p\logs\ on Windows), named mcp-server-office365-builtin.log. Configuration parsing and connection lifecycle messages appear in main.log in the same directory.

mirror sha256:16 0565c113bac58f7d · verify