Tool Reference Overview
InfraScout exposes 131 MCP tools across ten functional areas. You normally do not call these tools by name — you describe what you want and Claude selects the right tool. The pages in this section are reference material for when you want to know exactly what is available, what each tool returns, and how it composes with the others.
How to Read These Pages
Every tool entry leads with a short description of what the tool does. Where it matters, a Parameters table documents non-trivial inputs (filters, paging, projections), with required parameters marked. Example prompt shows the natural-language phrasing that typically routes Claude to this tool. Where the response shape is non-obvious — composite payloads, faceted aggregations, or envelopes that signal pagination — a brief sample illustrates the structure.
Trivial single-ID lookups skip the parameter table; the prose names the input field directly. The authoritative schema is what the MCP server returns over the wire — Claude reads that automatically. These pages exist for humans designing workflows, auditing capability surface, or building integrations.
Where two tools work together (such as a list_* plus a get_* pair), the description calls out the companion tool so you can chain them efficiently.
Tool Categories
InfraScout's tools fall into ten groups. The first six operate on InfraScout itself — agents you have deployed, sessions, insights, inventory, playbooks, and authentication. The last four operate on your connected Microsoft cloud tenant and require an Entra connection.
Authentication & Connections
Verify the caller identity and discover which Entra tenants are connected. Two tools.
Read reference →Agents
Enumerate, group, and command the agents installed on your hosts. Thirteen tools covering listing, grouping, and remote execution over shell, PowerShell, WMI, LDAP, and Windows Event Log.
Read reference →Sessions
Open, inspect, and submit assessment sessions that scope every command and finding to a clear boundary. Five tools.
Read reference →Insights
Save, retrieve, list, aggregate, update, and delete the structured findings produced during a session. Six tools.
Read reference →Inventory
Query collected snapshots of host facts, software, services, and certificates across the fleet. Eleven tools.
Read reference →Playbooks
Discover and retrieve the structured assessment playbooks that guide Claude through standardized reviews. Three tools.
Read reference →Microsoft Cloud — Identity
Audit users, groups, service principals, directory roles, administrative units, and PIM eligibility in your Entra tenant. Twenty-two tools.
Read reference →Microsoft Cloud — Platform
Inspect Azure subscriptions, resources, costs, app registrations, GDAP relationships, and entitlement governance. Twenty tools.
Read reference →Microsoft Cloud — Security
Review Conditional Access, sign-ins, Defender for Endpoint, Defender Advanced Hunting (KQL), BitLocker keys, LAPS credentials, risky users, and Secure Score. Twenty-five tools.
Read reference →Microsoft Cloud — Services
Query Microsoft 365 surfaces — Teams, SharePoint, OneDrive, Exchange Online, Intune, licensing, and usage reports. Twenty-four tools.
Read reference →Two Conventions Worth Knowing
Most tool calls flow through one of two helpers, and they show up across every category page.
session_id
Every command that executes on a host runs inside a session. You start one with session_start, then pass the returned session_id to agent_exec_* and to insight_save. The target agent is derived from the session — you never repeat the agent_id once a session is open. Sessions exist so every command, output, and finding has a clear audit boundary; you submit the session for review with session_submit when you are done.
connection_id
Every mscloud_* tool accepts an optional connection_id. Omit it and InfraScout uses the default Entra connection. Pass one when you operate across multiple tenants — for example, an MSP managing several customer tenants through GDAP. Use entra_connection_list to discover which connections are configured.
Permissions
Your role determines which tools you can invoke. The three roles — User, Operator, and Admin — are defined in Connecting Claude. The reference pages do not repeat role requirements per tool; if a call returns an authorization error, your role is the most likely cause.
See Also
The conceptual model behind agents, sessions, insights, and playbooks is described in Key Concepts. For prerequisites and end-to-end walkthroughs, see Quick Start and Running Assessments.