Managing Microsoft 365 Tasks with Lokka and Claude AI

In Microsoft 365, administrators have multiple responsibilities like managing users, security groups, permissions, policies and more. Managing bulk tasks through the UI is a time taking process, so people use PowerShell for these tasks using the Microsoft Graph API or exchange online PowerShell.

We can search for commands online or can use AI models like ChatGPT, Claude and more to generate PowerShell commands. Merill Fernando has developed an open-source MCP server known as Lokka. When provided access to your Microsoft 365 tenant, it can be integrated with Claude AI and can help you perform tasks depending on the permissions provided.

In this article we will see how to set up Lokka with Claude AI to access your Microsoft 365 tenant to streamline the tasks.

What is Lokka?

Lokka is a model context protocol server that is developed by Merill Fernando. It uses Microsoft Graph API to access and perform tasks for your Microsoft 365 tenant. It acts as a mediator between AI models and Microsoft Graph or other resources.

Key Features:

• It supports Microsoft Graph API to read and manage information.
• Compatibility with MCP clients like Claude Desktop application, VS code, or other MCP compatible AI models.

It is not a Microsoft product but is developed to demonstrate the power of AI in Microsoft 365. To configure Lokka, we need to create Microsoft Entra application with the necessary permissions.

Configure Lokka for Microsoft 365 Administrative Tasks

To use Lokka with your Microsoft 365, you need to configure both Lokka MCP server and a compatible MCP client like Claude.

Prerequisites

1. Node.js: To run Lokka locally Node.js version 22.10 or higher is required. You need to download and install the node.js.
2. Claude Desktop: The free version of Claude Desktop is fine to use, but it has daily usage limits. Alternatively, you can use VS Code Insider with GitHub Copilot (requires a Pro subscription).
3. Microsoft Entra App: An Entra application is needed for authentication with the Microsoft Graph API.
4. Administrative Access: Admin Access to an M365 tenant.

Create a Microsoft Entra Application and Assign API Permissions

• Visit Microsoft 365 Entra admin center and login with admin credentials.
• Click on Applications then App registrations and then finally click on New Registration.

• Give the application a name like Lokka MCP server and click on the Register.

• Note down the Tenant ID and application (client) ID, as these will be required later.

Generate Client Secret Value

• Click on the Client secret and certificates, then New client secret. Provide description (optional) and click on the Add button.

• Copy the client secret value and note it down.

Provide Microsoft Graph API permissions

• Click on the API permissions then on add a permission. A new side window will open, click on Microsoft Graph under Microsoft APIs.

• In the next window, click on application permissions and choose the permissions that you want to assign like user.read.all or user.readwrite.all. You can choose multiple permissions according to the tasks you want to perform. Once done, click on the Add permissions.

Now our app registration process is done.

Configure Claude Desktop application for Microsoft 365

If you have not installed the Claude desktop application, install it now and run it.

• In the Claude application, visit the setting as shown below.

• Now click on the Developer option and then Edit config.

• Now open the claude_desktop_config.json file and add the below code by changing your tenant id, client id and secret value.

{

    "mcpServers": {

        "Lokka-Microsoft-Graph": {

        "command": "npx",

        "args": ["-y", "@merill/lokka"],

        "env": {

             "TENANT_ID": "tenant-id",

             "CLIENT_ID": "client-id",

             "CLIENT_SECRET": "client-secret"

            }

        }

    }

}

• Save the file after adding the details. Close the Claude app fully. Open task manager and right-click on the Claude app and click on the End Task. It will terminate the process completely.

• Now run the Claude application again, and you will see a hammer icon in the chat box. It means that Lokka MCP server is connected successfully.

Using Lokka for Microsoft 365 Administrative Tasks

You can instruct the Claude to provide details or perform some tasks like:

• How many unused Microsoft 365 licenses do we have?
• List all users with active licenses
• List all shared mailboxes
• Create a new security group called ‘CloudBik Team’
• Assign an E3 license to user [email protected]
• Reset the password for [email protected]

You can instruct any task you want to perform but remember to assign the appropriate permissions to the entra application so that it can perform the required operations.

I have instructed Claude to list all users with active licenses, and the result is below:

Best Practices for Safe Usage of Lokka

• Test in a development tenant to avoid any accidental changes or loss.
• Grant only read only permissions first to check its functionality and once you are confident you can provide write permission.
• Sometimes it can produce inaccurate results depending on your query.
• Check Lokka github repository regularly for any updates as it is in development process.
• Use it with Claude for better accuracy and results.

Conclusion:

In this blog we have described about the Lokka, a MCP server designed to work with mcp clients. It supports Microsoft Graph API and can perform administrative tasks as per the permissions assigned. It makes the administrative task easy as user just need to instruct the model (no scripts required). You can also configure Lokka with your Microsoft 365 tenant as described in this guide. It is best for development environments to avoid any conflicts it is actively developing not a ready model.