Microsoft Cloud — Services Tools
The 24 service tools cover Microsoft 365 surfaces: licensing (subscribed SKUs and per-user assignments), Intune (managed devices, configurations, compliance, apps), Teams (teams, members, channels, apps), SharePoint (sites, lists, drives), OneDrive and SharePoint document libraries, Exchange Online (mailbox settings, mail folders, messages), and usage and Copilot reports.
All tools accept an optional connection_id. Omit it to use the default Entra connection. See entra_connection_list for multi-tenant scenarios.
Licensing
mscloud_service_list_subscribed_skus
Lists all commercial subscriptions (license SKUs) the tenant has acquired. Returns SKU name, ID, consumed and total unit counts, and service plans. Takes only an optional connection_id.
Example prompt.
"List every license SKU the tenant has, with consumed and total units."
mscloud_service_get_user_license_details
Returns license details assigned to a specific user — SKU and enabled service plans. Pass user_id (GUID or UPN).
Example prompt.
"Which licenses does stefan.hayduk@example.com have?"
Intune — Managed Devices, Configurations, Apps
mscloud_service_list_managed_devices
Lists all Intune-managed devices. Filter by operatingSystem, complianceState, or managementAgent. The key tool for endpoint security assessments — identify non-compliant or unmanaged devices.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter, e.g. operatingSystem eq 'Windows'. |
orderby | string | — | OData $orderby. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all Intune-managed devices that are non-compliant."
mscloud_service_get_managed_device
Returns a single Intune-managed device by ID.
| Parameter | Type | Required | Description |
|---|---|---|---|
device_id | string | ✓ | Managed device ID. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"Show me the full Intune profile for device
<id>."
mscloud_service_list_device_compliance_policies
Lists Intune device compliance policies.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all device compliance policies in Intune."
mscloud_service_list_device_configurations
Lists Intune device configuration profiles.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all device configuration profiles."
mscloud_service_list_detected_apps
Lists apps detected on Intune-managed devices.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List apps detected across all Intune-managed devices."
mscloud_service_list_mobile_apps
Lists managed mobile apps in Intune.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all managed mobile apps in Intune."
Teams
mscloud_service_list_teams
Lists all teams in the tenant (groups with Team resource provisioning). Compose with mscloud_service_list_team_channels, mscloud_service_list_team_members, and mscloud_service_get_team for detailed team analysis.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | Additional OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all Teams and flag any with external guest members."
mscloud_service_get_team
Returns details of a specific team — messaging settings, member settings, guest access, and fun settings. Check guest access and external sharing configurations for security.
| Parameter | Type | Required | Description |
|---|---|---|---|
team_id | string | ✓ | Team (group) ID. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"Show me guest access and external sharing settings for the 'Engineering' Team."
mscloud_service_list_team_members
Lists members of a team. Returns roles (owner, member, guest). Check for guest users and verify ownership assignment.
| Parameter | Type | Required | Description |
|---|---|---|---|
team_id | string | ✓ | Team (group) ID. |
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"Who are the members of the 'Engineering' Team — flag the guests."
mscloud_service_list_team_channels
Lists channels in a team. Includes standard, private, and shared channels. Private and shared channels have separate permissions from the parent team.
| Parameter | Type | Required | Description |
|---|---|---|---|
team_id | string | ✓ | Team (group) ID. |
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
Example prompt.
"List all private and shared channels in the 'Engineering' Team."
mscloud_service_list_teams_apps
Lists Teams apps from the app catalog.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all third-party Teams apps in the app catalog."
SharePoint & OneDrive
mscloud_service_list_sites
Searches SharePoint sites by name or URL. Compose with mscloud_service_get_site, mscloud_service_list_site_lists, and mscloud_service_list_drives to audit content and permissions.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
search | string | — | Search query. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"Find SharePoint sites whose name contains 'finance'."
mscloud_service_get_site
Returns a single SharePoint site by ID or path (e.g. contoso.sharepoint.com:/sites/team).
| Parameter | Type | Required | Description |
|---|---|---|---|
site_id | string | ✓ | Site ID or path. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"Show me the full configuration of the 'Finance' SharePoint site."
mscloud_service_list_site_lists
Lists SharePoint lists in a site.
| Parameter | Type | Required | Description |
|---|---|---|---|
site_id | string | ✓ | Site ID. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List all SharePoint lists in this site."
mscloud_service_list_drives
Lists document libraries (drives) in a site.
| Parameter | Type | Required | Description |
|---|---|---|---|
site_id | string | ✓ | Site ID. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"List all document libraries in this SharePoint site."
mscloud_service_list_drive_items
Lists items (files and folders) inside a drive. Pass an empty path for the root.
| Parameter | Type | Required | Description |
|---|---|---|---|
drive_id | string | ✓ | Drive ID. |
connection_id | string | — | Target Entra tenant. |
path | string | — | Folder path within the drive (e.g. Documents/Reports). |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"List the contents of the 'Reports' folder in this document library."
Exchange Online
mscloud_service_get_mailbox_settings
Returns mailbox settings for a user — auto-reply, time zone, language, and so on. Check auto-reply configurations for information disclosure risks during security reviews.
| Parameter | Type | Required | Description |
|---|---|---|---|
user_id | string | ✓ | User ID or UPN. |
connection_id | string | — | Target Entra tenant. |
Example prompt.
"What auto-reply is currently set for stefan.hayduk@example.com?"
mscloud_service_list_mail_folders
Lists mail folders for a user — folder structure including custom folders, item counts, and unread counts.
| Parameter | Type | Required | Description |
|---|---|---|---|
user_id | string | ✓ | User ID or UPN. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
Example prompt.
"Show me the mail folder structure for this user."
mscloud_service_list_messages
Lists mail messages for a user. Useful for investigating phishing attempts or data exfiltration during security assessments. Requires Mail.Read or equivalent permission.
| Parameter | Type | Required | Description |
|---|---|---|---|
user_id | string | ✓ | User ID or UPN. |
connection_id | string | — | Target Entra tenant. |
filter | string | — | OData $filter, e.g. isRead eq false. |
orderby | string | — | OData $orderby, e.g. receivedDateTime desc. |
select | string | — | Comma-separated property list. |
top | number | — | Page size, max 100. |
skiptoken | string | — | From the previous response. |
WARNING
Listing user messages reads private mailbox content. Use only for investigations the caller has authorized, and avoid persisting message bodies into insights or artifacts unless they are essential evidence.
Example prompt.
"Show me unread messages for this user from the last week — subject and sender only."
mscloud_service_get_message
Returns a single mail message by ID — full content including headers, body, and attachment metadata.
| Parameter | Type | Required | Description |
|---|---|---|---|
message_id | string | ✓ | Message ID. |
user_id | string | ✓ | User ID or UPN. |
connection_id | string | — | Target Entra tenant. |
select | string | — | Comma-separated property list. |
Example prompt.
"Show me the full content of message
<id>for this user — I'm investigating a suspected phishing email."
Usage & Copilot Reports
mscloud_service_get_usage_report
Returns a Microsoft 365 usage report as CSV. Common reports include getOffice365ActiveUserDetail, getOffice365ActiveUserCounts, getMailboxUsageDetail, getOneDriveUsageAccountDetail, getSharePointSiteUsageDetail, getTeamsUserActivityUserDetail, getEmailActivityUserDetail, and getOffice365GroupsActivityDetail.
| Parameter | Type | Required | Description |
|---|---|---|---|
report_name | string | ✓ | Report name (see above). |
connection_id | string | — | Target Entra tenant. |
period | string | — | D7, D30, D90, or D180. Default D30. |
Example prompt.
"Get the Microsoft 365 active user report for the last 30 days."
mscloud_service_get_copilot_usage
Returns the Microsoft 365 Copilot per-user usage report (beta API). Shows Copilot actions per user across M365 apps.
| Parameter | Type | Required | Description |
|---|---|---|---|
connection_id | string | — | Target Entra tenant. |
period | string | — | D7, D30, D90, or D180. Default D30. |
Example prompt.
"Show me Copilot adoption across the tenant for the last 90 days."
See Also
For users, groups, directory roles, and PIM, see Microsoft Cloud — Identity. For app registrations, Azure infrastructure, and GDAP, see Microsoft Cloud — Platform. For Conditional Access, sign-ins, Defender, BitLocker, and LAPS, see Microsoft Cloud — Security.