Is Lokka safe to use?

Lokka has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access. Licensed under MIT.

How do I install Lokka?

Lokka supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

Lokka provides 3 tools: Components, Contributors, Installation. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Lokka?

Lokka is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.

Is Lokka actively maintained?

Lokka is less actively maintained — last commit was 211 days ago. It has 247 GitHub stars.

Lokka

Name: Lokka
Author: merill

by merill

MCP (Model Context Protocol) for Microsoft 365. Includes support for Microsoft Graph and other services

247 3 tools GitHub

No known CVEs

MIT license

Stale

Last commit 211d ago

Works with most clients

Transport: stdio, sse

3 tools · ~117 tok

Grade A · 0.1% of 200K ctx

Edit this pageView history

Productivity Communication

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "Lokka-Microsoft": {
      "args": [
        "-y",
        "@merill/lokka"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/lokka)](https://mcppedia.org/s/lokka)

Read me

What Lokka does

Lokka is a model-context-protocol server for the Microsoft Graph and Azure RM APIs that allows you to query and manage your Azure and Microsoft 365 tenants with AI.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

67/100across 5 weighted dimensions

How we score →

0255075100

−33

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (3)

Click any tool to inspect its schema.

~117 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Lokka safe to use?: Lokka has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access. Licensed under MIT.
How do I install Lokka?: Lokka supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Lokka do?: Lokka provides 3 tools: Components, Contributors, Installation. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Lokka?: Lokka is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Lokka actively maintained?: Lokka is less actively maintained — last commit was 211 days ago. It has 247 GitHub stars.

Similar servers

Others in productivity / communication

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Mac_messages_mcp95

An MCP server that securely interfaces with your iMessage database via the Model Context Protocol (MCP), allowing LLMs to query and analyze iMessage conversations. It includes robust phone number validation, attachment processing, contact management, group chat handling, and full support for sending and receiving messages.

279 4

io.github.miroapp/mcp-server95

Official Miro MCP server - Supports context to code and creating diagrams, docs, and data tables.

104 7

Scrumboy95

a self-hosted project management & Kanban solution + Instant shareable boards

238 1

MCP Security Weekly

Get CVE alerts and security updates for Lokka and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Productivity Communication

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "Lokka-Microsoft": {
      "args": [
        "-y",
        "@merill/lokka"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/lokka)](https://mcppedia.org/s/lokka)

Read me

What Lokka does

Lokka is a model-context-protocol server for the Microsoft Graph and Azure RM APIs that allows you to query and manage your Azure and Microsoft 365 tenants with AI.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

Lokka

Lokka is a model-context-protocol server for the Microsoft Graph and Azure RM APIs that allows you to query and manage your Azure and Microsoft 365 tenants with AI.

Please see Lokka.dev for how to use Lokka with your favorite AI model and chat client.

Lokka lets you use Claude Desktop, or any MCP Client, to use natural language to accomplish things in your Azure and Microsoft 365 tenant through the Microsoft APIs.

e.g.:

Create a new security group called 'Sales and HR' with a dynamic rule based on the department attribute.
Find all the conditional access policies that haven't excluded the emergency access account
Show me all the Intune device configuration policies assigned to the 'Call center' group
What was the most expensive service in Azure last month?

Authentication Methods

Lokka now supports multiple authentication methods to accommodate different deployment scenarios:

Interactive Auth

For user-based authentication with interactive login, you can use the following configuration:

This is the simplest config and uses the default Lokka app.

{
  "mcpServers": {
    "Lokka-Microsoft": {
      "command": "npx",
      "args": ["-y", "@merill/lokka"]
    }
  }
}

Interactive auth with custom app

If you wish to use a custom Microsoft Entra app, you can create a new app registration in Microsoft Entra and configure it with the following environment variables:

{
  "mcpServers": {
    "Lokka-Microsoft": {
      "command": "npx",
      "args": ["-y", "@merill/lokka"],
      "env": {
        "TENANT_ID": "<tenant-id>",
        "CLIENT_ID": "<client-id>",
        "USE_INTERACTIVE": "true"
      }
    }
  }
}

App-Only Auth

Traditional app-only authentication. You can use either certificate (recommended) or client secret authentication with the following configuration.

See Install Guide for more details on how to create an Entra app.

App-Only Auth with Certificate

App only authentication using a PEM-encoded client certificate:

{
  "mcpServers": {
    "Lokka-Microsoft": {
      "command": "npx",
      "args": ["-y", "@merill/lokka"],
      "env": {
        "TENANT_ID": "<tenant-id>",
        "CLIENT_ID": "<client-id>",
        "CERTIFICATE_PATH": "/path/to/certificate.pem",
        "CERTIFICATE_PASSWORD": "<optional-certificate-password>",
        "USE_CERTIFICATE": "true"
      }
    }
  }
}

For comfort, in order to convert a PFX client certificate to a PEM-encoded certificate:

openssl pkcs12 -in /path/to/cert.pfx -out /path/to/cert.pem -nodes -clcerts

App-Only Auth with Client Secret

{
  "mcpServers": {
    "Lokka-Microsoft": {
      "command": "npx",
      "args": ["-y", "@merill/lokka"],
      "env": {
        "TENANT_ID": "<tenant-id>",
        "CLIENT_ID": "<client-id>",
        "CLIENT_SECRET": "<client-secret>"
      }
    }
  }
}

Client-Provided Token

Token-based authentication where the MCP Client provides access tokens:

{
  "mcpServers": {
    "Lokka-Microsoft": {
      "command": "npx",
      "args": ["-y", "@merill/lokka"],
      "env": {
        "USE_CLIENT_TOKEN": "true"
      }
    }
  }
}

When using client-provided token mode:

Start the MCP server with USE_CLIENT_TOKEN=true
Use the set-access-token tool to provide a valid Microsoft Graph access token
Use the get-auth-status tool to verify authentication status
Refresh tokens as needed using set-access-token

New Tools

Token Management Tools

set-access-token: Set

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

67/100across 5 weighted dimensions

How we score →

0255075100

−33

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (3)

Click any tool to inspect its schema.

~117 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Lokka safe to use?: Lokka has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access. Licensed under MIT.
How do I install Lokka?: Lokka supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Lokka do?: Lokka provides 3 tools: Components, Contributors, Installation. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Lokka?: Lokka is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Lokka actively maintained?: Lokka is less actively maintained — last commit was 211 days ago. It has 247 GitHub stars.