Microsoft Cloud — Platform Tools
The 20 platform tools cover Azure infrastructure (subscriptions, resource groups, resources, costs), tenant metadata (organization, domains), app registrations, governance (access packages, access reviews, entitlement catalogs, lifecycle workflows), and GDAP delegated admin relationships.
All tools accept an optional connection_id. Omit it to use the default Entra connection. See entra_connection_list for multi-tenant scenarios.
Tenant & Organization
mscloud_platform_get_organization
Returns tenant organization details — display name, verified domains, technical contacts, country, and other tenant-level metadata.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"What's the basic organization profile for this tenant?"
mscloud_platform_list_domains
Lists domains registered in the tenant. Check verification status, authentication type (managed/federated), and DNS capabilities. Compose with mscloud_platform_get_domain for detailed DNS records.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"List all domains in this tenant — flag any that are unverified."
mscloud_platform_get_domain
Returns details of a specific domain — verification status, DNS records, capabilities.
| Parameter | Type | Required | Description |
|---|---|---|---|
domain_id | string | ✓ | Domain name (e.g. contoso.com). |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"Show me full DNS and verification details for example.com."
Azure Subscriptions, Resource Groups & Resources
mscloud_platform_list_subscriptions
Lists Azure subscriptions accessible to the InfraScout service principal. The starting point for any Azure infrastructure assessment. Compose with mscloud_platform_list_resource_groups and mscloud_platform_list_resources. Takes only an optional connection_id.
Example prompt.
"List every Azure subscription connected to InfraScout."
mscloud_platform_list_resource_groups
Lists resource groups in an Azure subscription. Helps understand resource organization and tagging compliance.
| Parameter | Type | Required | Description |
|---|---|---|---|
subscription_id | string | ✓ | Azure subscription ID. |
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all resource groups in the Production subscription."
mscloud_platform_list_resources
Lists all resources in an Azure subscription. Filter by resourceType to focus on specific services. Essential for infrastructure inventory and security review.
| Parameter | Type | Required | Description |
|---|---|---|---|
subscription_id | string | ✓ | Azure subscription ID. |
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter, e.g. resourceType eq 'Microsoft.Compute/virtualMachines'. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all virtual machines in the Production subscription."
mscloud_platform_get_resource
Returns a single Azure resource by its full ARM resource ID. Use a specific api_version if the default does not match the resource type.
| Parameter | Type | Required | Description |
|---|---|---|---|
resource_id | string | ✓ | Full ARM resource ID. |
connection_id | string | — | Target Entra tenant. |
api_version | string | — | ARM API version. Defaults to 2024-03-01. |
Example prompt.
"Show me the full configuration of VM
prod-web-01."
Azure Cost Management
mscloud_platform_query_cost_summary
Returns aggregated cost data grouped by a chosen dimension (e.g. ResourceGroup, ResourceType, ServiceName, MeterCategory). Defaults to the last 30 days.
| Parameter | Type | Required | Description |
|---|---|---|---|
subscription_id | string | ✓ | Azure subscription ID. |
connection_id | string | — | Target Entra tenant. |
from | string | — | YYYY-MM-DD, default 30 days ago. |
to | string | — | YYYY-MM-DD, default today. |
granularity | string | — | None, Daily, or Monthly. Default None. |
group_by | string | — | Default ServiceName. |
Example prompt.
"What did this subscription cost last month, broken down by service?"
The response carries a rows array (each row keyed by the chosen group_by dimension plus Cost and Currency) and the from/to window the data covers.
mscloud_platform_query_cost_details
Detailed cost data for an Azure subscription with flexible grouping by up to two dimensions simultaneously.
| Parameter | Type | Required | Description |
|---|---|---|---|
subscription_id | string | ✓ | Azure subscription ID. |
connection_id | string | — | Target Entra tenant. |
from | string | — | YYYY-MM-DD. |
to | string | — | YYYY-MM-DD. |
granularity | string | — | None, Daily, or Monthly. Default Daily. |
group_by_1 | string | — | First grouping dimension. |
group_by_2 | string | — | Second grouping dimension. |
filter | string | — | Cost Management filter expression. |
Example prompt.
"Show me daily cost for resource group 'prod-web' broken down by service for the last 30 days."
mscloud_platform_get_cost_forecast
Projects costs for the remaining period, grouped by a chosen dimension. None granularity is not supported for forecasts.
| Parameter | Type | Required | Description |
|---|---|---|---|
subscription_id | string | ✓ | Azure subscription ID. |
connection_id | string | — | Target Entra tenant. |
from | string | — | YYYY-MM-DD, default today. |
to | string | — | YYYY-MM-DD, default end of current month. |
granularity | string | — | Daily or Monthly. Default Monthly. |
group_by | string | — | Default ServiceName. |
Example prompt.
"Forecast this subscription's spend for the rest of the month."
App Registrations
mscloud_platform_list_applications
Lists app registrations in the tenant. Audit credential expiry, redirect URIs, and required permissions. Compose with mscloud_platform_get_application for full details and mscloud_identity_list_service_principals to see the corresponding enterprise apps.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all app registrations in this tenant."
mscloud_platform_get_application
Returns a single app registration by object ID — credentials, redirect URIs, API permissions, app properties. Check for expired credentials and overly broad permissions.
| Parameter | Type | Required | Description |
|---|---|---|---|
app_id | string | ✓ | Application object ID (GUID). |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"Show me the full app registration details — flag any expired credentials."
Governance — Access Packages, Access Reviews, Entitlement, Lifecycle
mscloud_platform_list_access_packages
Lists entitlement management access packages.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"Show me any access packages that allow external guest access."
mscloud_platform_list_access_reviews
Lists access review definitions.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all currently scheduled access reviews."
mscloud_platform_list_entitlement_catalogs
Lists entitlement management catalogs.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all entitlement management catalogs."
mscloud_platform_list_lifecycle_workflows
Lists lifecycle workflows. Uses the beta Microsoft Graph API.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all lifecycle workflows configured in the tenant."
GDAP — Delegated Admin Relationships
GDAP tools are essential for partner and MSP audits. They reveal which external partners have admin access, what roles they hold, and the relationship status.
mscloud_platform_list_gdap_relationships
Lists delegated admin relationships (GDAP) for the tenant. Compose with mscloud_platform_list_gdap_access_assignments for role details.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter, e.g. status eq 'active'. |
orderby | string | — | OData $orderby. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all active GDAP relationships."
mscloud_platform_get_gdap_relationship
Returns a single delegated admin relationship by ID.
| Parameter | Type | Required | Description |
|---|---|---|---|
relationship_id | string | ✓ | Delegated admin relationship ID. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"Show me the full configuration for GDAP relationship
<id>."
mscloud_platform_list_gdap_customers
Lists delegated admin customers for the tenant.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all customers I manage via GDAP."
mscloud_platform_list_gdap_access_assignments
Lists access assignments for a specific delegated admin relationship — which roles the partner holds against the customer.
| Parameter | Type | Required | Description |
|---|---|---|---|
relationship_id | string | ✓ | Delegated admin relationship ID. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"What roles does the partner hold under GDAP relationship
<id>?"
See Also
For users, groups, and directory roles, see Microsoft Cloud — Identity. For Conditional Access, sign-ins, Defender, BitLocker, and LAPS, see Microsoft Cloud — Security. For Microsoft 365 surfaces (Teams, SharePoint, Intune, licensing), see Microsoft Cloud — Services.