IT
Install Microsoft 365 from the connector catalog
Step-by-step Entra app registration and Harriet catalog install for the sandboxed Microsoft 365 MCP connector (pinned npx package, per-user OAuth).
- integrations
- mcp
- oauth
- microsoft
Harriet's Microsoft 365 connector catalog entry installs a version-pinned sandboxed npx server (@softeria/ms-365-mcp-server) that calls Microsoft Graph on behalf of each signed-in user. This article walks through Entra app registration and what to enter in the catalog install wizard.
Before you install from the catalog
1. Register an app in Microsoft Entra ID
- Open Azure Portal → Microsoft Entra ID → App registrations → New registration.
- Name the app (for example
Harriet Microsoft 365 MCP). - Supported account types:
- Single tenant — only users in your organisation (use your tenant ID in the optional tenant field during install).
- Multitenant (work/school) — any organisational account (
organizationstenant; Harriet's default).
- Leave the redirect URI blank for now; you will add Harriet's callback after install (see below).
2. Create a client secret
Under Certificates & secrets → New client secret. Copy the Value immediately (it is shown only once). You will paste it into the catalog wizard as the OAuth client secret.
3. Add Microsoft Graph delegated permissions
Under API permissions → Add a permission → Microsoft Graph → Delegated permissions, add the scopes your organisation is willing to grant. The catalog template requests the full org-mode tool surface from @softeria/ms-365-mcp-server@0.118.1 (mail, calendar, Teams, SharePoint, OneDrive, and related Graph APIs).
To see the exact permission list for the pinned package:
npx @softeria/ms-365-mcp-server@0.118.1 --org-mode --list-permissions
Grant admin consent if your tenant requires it.
4. Configure the redirect URI (before install)
Harriet uses one shared OAuth callback for all MCP connectors — you do not need an integration ID. Register this Web redirect URI in Entra:
https://harriethq.com/bots/integrations/mcp/oauth/callback/
In Entra, under Authentication → Add a platform → Web, add that URI. Use Web, not SPA, for the confidential client flow Harriet uses.
Catalog install wizard
From Provisioner → Connectors → Add from catalog → Microsoft 365:
| Step | What to enter |
|---|---|
| OAuth client ID | Application (client) ID from the Entra app overview |
| OAuth client secret | The secret value from step 2 |
| Tenant ID (optional) | Your directory (tenant) GUID, or leave blank to use organizations |
Harriet pre-fills the sandboxed npx command with a pinned package version and --org-mode. You do not need the provisioner.hosted_mcp plan feature for this catalog connector.
After install
- Open Profile → Integrations and connect your own Microsoft account (smoke test).
- On the connector in Company settings → Integrations, run Sync tools.
- Set tool permissions and attach the connector to the right skills and groups.
Per-user tokens are delivered to the server as access token values on the MS365_MCP_OAUTH_TOKEN environment variable. See also Set up OAuth for a sandboxed MCP connector (Google / Microsoft 365) for field-by-field OAuth and $SECRET_KEY guidance.
Upgrading the pinned package version
Harriet bumps the pinned npm version via catalog data migrations. After an upgrade, re-run Sync tools and confirm Entra permissions still match --list-permissions for the new version.
Use Harriet in your organisation for searchable help, AI assistance, and your company knowledge base.
Log in to Harriet