Microsoft Outlook
The Microsoft Outlook connector gives AI agents the ability to read, search, send, and manage email through the Microsoft Graph API using OAuth 2.0. With 14 tools covering read, write, and delete operations, it is the most comprehensive email connector in MCPGate. Your credentials are stored encrypted in MCPGate's vault.
Inbox rules can affect all email
outlook_create_rule and outlook_delete_rule modify inbox automation rules that apply to all incoming messages. Always deny these tools in apps that do not explicitly require rule management.Required scopes#
MCPGate requests the following Microsoft Graph OAuth scopes when you connect an Outlook account. All scopes are requested up front.
| Scope | Purpose |
|---|---|
| Mail.Read | Read email messages, folders, and attachments |
| Mail.Send | Send email on behalf of the user |
| Mail.ReadWrite | Move, delete, create drafts, and manage folders |
| MailboxSettings.ReadWrite | Create and manage inbox rules |
Tool reference#
The Outlook connector exposes 14 tools: 5 read, 7 write, and 2 delete.
| Tool | Category | Description |
|---|---|---|
| outlook_read_email | read | Read a specific email by ID |
| outlook_search_emails | read | Search emails using a query string |
| outlook_list_folders | read | List all mail folders |
| outlook_list_rules | read | List inbox message rules |
| outlook_get_attachment | read | Get attachments from an email message |
| outlook_send_email | write | Send a new email |
| outlook_reply_to_email | write | Reply to an email |
| outlook_forward_email | write | Forward an email to new recipients |
| outlook_move_email | write | Move an email to a different folder |
| outlook_create_folder | write | Create a new mail folder |
| outlook_create_rule | write | Create a new inbox message rule |
| outlook_create_draft | write | Create a draft email |
| outlook_delete_email | delete | Delete an email message |
| outlook_delete_rule | delete | Delete an inbox message rule |
Common guardrail recipes#
Read-only access#
Enable only the five read tools. Deny all write and delete tools. This is the safest configuration for agents that only need to retrieve, search, and summarise email.
Send and read (no rules, no delete)#
Use the built-in send_and_read preset. It allows all read tools plus outlook_send_email, outlook_reply_to_email, outlook_forward_email, and outlook_create_draft. All other write and delete tools — including inbox rules and folder management — are denied.
Block email to external domains#
Apply the allow_domains template to outlook_send_email, outlook_reply_to_email, and outlook_forward_email. Configure it with your company domain so the AI can only send to internal addresses.
Troubleshooting#
- AADSTS error on connect — The Microsoft account may require admin consent for Graph API scopes, especially in an enterprise tenant. Ask your M365 admin to grant consent for the MCPGate app registration.
- Send fails with 403 — Ensure
Mail.Sendwas granted during OAuth authorisation. If it was not, disconnect and reconnect the Outlook connector. - Search returns no results —
outlook_search_emailsuses Microsoft Graph OData query syntax. Ensure your query string is valid. Example:subject:invoice from:vendor@example.com.