
Hub Microsoft Extension

All-in-one MCP covering server, enables, natural, language. Includes structured workflows, validation checks, and reusable patterns for devtools.

MCP | Cliptics | devtools | v1.0.0 | MIT

Hub Microsoft Extension is an MCP server that provides AI assistants with access to the Microsoft ecosystem of developer tools and services, including Azure DevOps, Microsoft Graph, and related platform APIs. This MCP bridge enables language models to interact with Microsoft's cloud infrastructure, developer pipelines, and organizational data through a unified protocol interface, streamlining enterprise development workflows.

When to Use This MCP Server

Connect this server when...

  • You need AI-assisted interaction with Azure DevOps for managing work items, pipelines, and repositories
  • Your organization uses Microsoft 365 and you want conversational access to Microsoft Graph data including users, groups, and calendars
  • You are building enterprise automation workflows that span multiple Microsoft services and need a unified AI interface
  • You want to query Azure resource information, deployment statuses, and infrastructure configurations through natural language
  • Your team needs AI assistance navigating Microsoft developer documentation and API references

Consider alternatives when...

  • You only need GitHub integration, which has its own dedicated MCP server with deeper GitHub-specific features
  • Your infrastructure is entirely on AWS or GCP without Microsoft service dependencies
  • You need only email or calendar access, which may be better served by a specialized Microsoft Graph MCP server

Quick Start

# .mcp.json configuration
{
  "mcpServers": {
    "microsoft-hub": {
      "command": "npx",
      "args": ["-y", "@microsoft/mcp-hub-extension"],
      "env": {
        "AZURE_TENANT_ID": "your-tenant-id",
        "AZURE_CLIENT_ID": "your-client-id",
        "AZURE_CLIENT_SECRET": "your-client-secret"
      }
    }
  }
}

Connection setup:

  1. Register an application in Azure Active Directory (portal.azure.com > App registrations)
  2. Grant the necessary API permissions (Microsoft Graph, Azure DevOps) and obtain admin consent
  3. Generate a client secret and note your tenant ID and client ID
  4. Add the configuration above to your .mcp.json file with your Azure AD credentials
  5. Restart your MCP client to establish the connection
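A check you could run over `.mcp.json` before committing it, added here as an example and not part of the server or its tooling. It flags a literal credential in `env` and an `npx` package with no pinned version; the package name is the one given above, the sample values are constructed, and accepting `${VAR}` references assumes your MCP client expands them.

```python
import json
import re

# Constructed sample: the Quick Start config with a literal secret pasted in.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "microsoft-hub": {
      "command": "npx",
      "args": ["-y", "@microsoft/mcp-hub-extension"],
      "env": {
        "AZURE_TENANT_ID": "00000000-0000-0000-0000-000000000000",
        "AZURE_CLIENT_ID": "11111111-1111-1111-1111-111111111111",
        "AZURE_CLIENT_SECRET": "constructed-secret-value-not-real"
      }
    }
  }
}
"""

# Variable names that normally hold credentials.
SENSITIVE_NAME = re.compile(r"(SECRET|PASSWORD|TOKEN|KEY)$", re.I)
# Acceptable values: a ${VAR} reference (assumed to be expanded by the client)
# or an obvious "your-..." placeholder such as the ones in the Quick Start.
INDIRECT_VALUE = re.compile(r"^(\$\{[A-Za-z_][A-Za-z0-9_]*\}|your-[a-z-]+)$")
# name@1.2.3 or @scope/name@1.2.3, optionally with a pre-release/build suffix.
PINNED_SPEC = re.compile(r"^(@[^/@]+/)?[^/@]+@\d+\.\d+\.\d+([-+].+)?$")


def lint_mcp_config(text):
    """Return (server, rule, detail) findings for one .mcp.json document."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        for var, value in server.get("env", {}).items():
            if SENSITIVE_NAME.search(var) and not INDIRECT_VALUE.match(str(value)):
                findings.append((name, "inline-secret", var))
        if server.get("command") == "npx":
            # npx resolves an unpinned spec to the latest published version;
            # with -y it installs that version without prompting.
            pkgs = [a for a in server.get("args", []) if not a.startswith("-")]
            if pkgs and not PINNED_SPEC.match(pkgs[0]):
                findings.append((name, "unpinned-package", pkgs[0]))
    return findings
```
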

Example tool usage:

# Query Azure DevOps work items
> Show me all active bugs assigned to me in the Backend project

# Access Microsoft Graph data
> List all teams I belong to in Microsoft Teams

# Check pipeline status
> What is the status of the latest CI/CD pipeline run for the frontend-app repository?

Core Concepts

| Concept | Purpose | Details |
|---|---|---|
| Azure AD Auth | Enterprise authentication | OAuth 2.0 client credentials flow through Azure Active Directory for secure access to Microsoft APIs |
| Microsoft Graph | Organizational data API | Unified API endpoint for accessing users, groups, mail, calendars, files, and Teams data across Microsoft 365 |
| Azure DevOps | Developer workflow platform | Work item tracking, Git repositories, CI/CD pipelines, and artifact management for software development teams |
| Tenant Scope | Organization boundary | All operations are scoped to your Azure AD tenant, ensuring data isolation between organizations |
| Permission Model | Granular access control | API permissions are configured per-application in Azure AD, controlling exactly which data the MCP server can access |

Architecture:

+------------------+       +------------------+       +------------------+
|  Microsoft       |       |  Microsoft Hub   |       |  AI Assistant    |
|  Services        |<----->|  MCP Server      |<----->|  (Claude, etc.)  |
|  Graph/DevOps/   | HTTPS |  (npx, stdio)    | stdio |                  |
|  Azure APIs      |       +------------------+       +------------------+
+------------------+
        |
        v
+--------------------------------------------------+
|  Graph > DevOps > Azure > Teams > Office 365     |
+--------------------------------------------------+

Configuration

| Parameter | Type | Default | Description |
|---|---|---|---|
| AZURE_TENANT_ID | string | (required) | Azure Active Directory tenant identifier for your organization |
| AZURE_CLIENT_ID | string | (required) | Application (client) ID from your Azure AD app registration |
| AZURE_CLIENT_SECRET | string | (required) | Client secret credential generated in your Azure AD app registration |
| default_org | string | none | Default Azure DevOps organization name for scoping DevOps operations |
| graph_scopes | string | User.Read | Comma-separated Microsoft Graph permission scopes to request during authentication |

Best Practices

  1. Apply the principle of least privilege to API permissions. When registering your Azure AD application, only grant the specific Microsoft Graph and Azure DevOps permissions your workflow requires. Avoid granting broad permissions like Directory.ReadWrite.All unless absolutely necessary. Review permissions quarterly and remove unused scopes.

  2. Use application-level permissions for automation. For MCP server usage, configure application permissions rather than delegated permissions in Azure AD. Application permissions do not require a signed-in user and are better suited for background AI assistant operations. Ensure admin consent is granted for each permission.

  3. Rotate client secrets before expiration. Azure AD client secrets have configurable expiration dates. Set calendar reminders to rotate secrets before they expire, and update your MCP configuration promptly. Consider using Azure Key Vault to manage secrets rather than storing them directly in environment variables.

  4. Scope DevOps queries to specific projects. Azure DevOps organizations can contain many projects with thousands of work items. Always specify the project name when querying work items, pipelines, or repositories to get focused, performant results rather than organization-wide searches.

  5. Monitor API usage through Azure AD sign-in logs. Track how the MCP server's Azure AD application is accessing Microsoft services by reviewing the sign-in logs and audit logs in the Azure portal. This provides visibility into what data the AI assistant is accessing and helps detect any anomalous usage patterns.
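One way to check practices 1 and 5 against what the application was actually granted, added here as an example and not code from the server: an app-only token issued through the client credentials flow lists its application permissions in the `roles` claim and its tenant in `tid`, so decoding a token shows the effective grant. The allowlist, tenant ID and unsigned sample token are constructed assumptions, and the function inspects claims without validating the signature.

```python
import base64
import json


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_app_token(token, expected_tenant, allowed_roles):
    """Inspect (not validate) an app-only token and list permission findings."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = b64url_json(parts[1])
    findings = []
    # Tenant scope: the token must come from the tenant you expect.
    if claims.get("tid") != expected_tenant:
        findings.append(("wrong-tenant", claims.get("tid")))
    for role in claims.get("roles", []):
        # Least privilege: anything outside the reviewed allowlist is reported.
        if role not in allowed_roles:
            findings.append(("unapproved-permission", role))
        # Tenant-wide write or full-control grants are reported even if allowed.
        if role.endswith((".ReadWrite.All", ".FullControl.All")):
            findings.append(("broad-permission", role))
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample claims; the tenant ID is a placeholder.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "tid": SAMPLE_TENANT,
    "roles": ["User.Read.All", "Directory.ReadWrite.All"],
})
```
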

Common Issues

"AADSTS70011: Invalid scope" error during authentication. This indicates the requested API permissions have not been configured or consented to in your Azure AD app registration. Navigate to portal.azure.com, find your app registration, go to API Permissions, add the required permissions, and click "Grant admin consent."

Azure DevOps operations return "403 Forbidden". The Azure AD application needs explicit access to your Azure DevOps organization. Go to dev.azure.com > Organization Settings > Azure Active Directory and ensure your app registration has the necessary access. Also verify the PAT or OAuth scope includes the specific DevOps permissions needed.

Microsoft Graph queries return partial data. Graph API responses are paginated by default, returning a limited number of results per request. If you expect more results than are returned, the MCP server may need to follow pagination links. Check whether the server is configured to handle multi-page result sets automatically.
