diff --git a/app/en/references/auth-providers/microsoft/_meta.tsx b/app/en/references/auth-providers/microsoft/_meta.tsx
new file mode 100644
index 000000000..a69ef41a2
--- /dev/null
+++ b/app/en/references/auth-providers/microsoft/_meta.tsx
@@ -0,0 +1,12 @@
+import type { MetaRecord } from "nextra";
+
+const meta: MetaRecord = {
+ index: {
+ title: "Overview",
+ },
+ "permissions-and-scopes": {
+ title: "Permissions and scopes",
+ },
+};
+
+export default meta;
diff --git a/app/en/references/auth-providers/microsoft/page.mdx b/app/en/references/auth-providers/microsoft/page.mdx
index 45dbe3b4c..8260a553e 100644
--- a/app/en/references/auth-providers/microsoft/page.mdx
+++ b/app/en/references/auth-providers/microsoft/page.mdx
@@ -2,48 +2,52 @@ import { Tabs, Callout, Steps } from "nextra/components";
# Microsoft
-
- At this time, Arcade does not offer a default Microsoft Auth Provider. To use
- Microsoft auth, you must create a custom Auth Provider with your own Microsoft
- OAuth 2.0 credentials as described below.
-
+The Microsoft auth provider enables tools and agents to call the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/overview) on behalf of a user. It supports Arcade's MCP servers for [Outlook Calendar](/resources/integrations/productivity/outlook-calendar), [Outlook Mail](/resources/integrations/productivity/outlook-mail), [Microsoft Teams](/resources/integrations/social/microsoft-teams), and [SharePoint](/resources/integrations/productivity/sharepoint), as well as your own custom tools and app code.
-The Microsoft auth provider enables tools and agents to call the Microsoft Graph API on behalf of a user.
+## On this page
-### What's documented here
+- [Configure Microsoft auth](#configure-microsoft-auth) — three options depending on your security posture
+- [Production readiness](#production-readiness) — custom user verifier, admin consent, conditional access
+- [MCP server scopes reference](#mcp-server-scopes-reference) — which permissions each MCP server requires
+- [Use Microsoft auth in app code](#use-microsoft-auth-in-app-code) — get a user token for Graph API calls
+- [Use Microsoft auth in custom tools](#use-microsoft-auth-in-custom-tools) — build tools that call Graph APIs
-This page describes how to use and configure Microsoft auth with Arcade.
+## Configure Microsoft auth
-This auth provider is used by:
+Arcade supports three ways to connect Microsoft auth. Choose based on your team's security requirements and how much control you need over the Azure app registration.
-- Your [app code](#using-microsoft-auth-in-app-code) that needs to call Microsoft Graph APIs
-- Or, your [custom tools](#using-microsoft-auth-in-custom-tools) that need to call Microsoft Graph APIs
+| | Option 1: Included provider | Option 2: Multi-tenant app | Option 3: Tenant-specific app |
+| --- | --- | --- | --- |
+| **Azure setup** | None — Arcade provisions the app | You register in Azure Portal | You register in Azure Portal |
+| **Tenant scope** | Any organization | Any organization | Single tenant only |
+| **Permission control** | Scopes fixed per approval cycle | Full control | Full control |
+| **Branding** | Arcade branding on consent screen | Your app's branding | Your app's branding |
+| **Best for** | Getting started, prototyping | Production with cross-org access | Production with strict tenant isolation |
-## Configuring Microsoft auth
+### Option 1: Use Arcade's included provider
-
- When using your own app credentials, make sure you configure your project to
- use a [custom user
- verifier](/guides/user-facing-agents/secure-auth-production#build-a-custom-user-verifier).
- Without this, your end-users will not be able to use your app or agent in
- production.
-
+The fastest path. Arcade provides a pre-configured Microsoft OAuth app — no Azure app registration required. Your IT or security team approves the app in Microsoft Entra ID, and you're ready to go.
+
+**Trade-off:** The granted scopes are tied to the specific agent use case. If you add MCP servers or tools that require additional permissions, your security team will need to approve the updated scope set.
-In a production environment, you will most likely want to use your own Microsoft app credentials. This way, your users will see your application's name requesting permission.
+
+#### Go to the Arcade Dashboard
-Before showing how to configure your Microsoft app credentials, let's go through the steps to create a Microsoft app.
+Navigate to the [Arcade Dashboard](https://api.arcade.dev/dashboard). If you are self-hosting, the dashboard is available at `http://localhost:9099/dashboard` by default.
-### Create a Microsoft app
+#### Add the included Microsoft provider
-- Follow Microsoft's guide to [registering an app with the Microsoft identity platform](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app)
-- Choose the permissions (scopes) you need for your app. Refer to the [section below](#arcade-microsoft-MCP Servers-scopes) for a list of scopes needed by the Arcade Microsoft MCP Servers, in case you intend to use them.
-- Set the redirect URL to the redirect URL generated by Arcade (see below)
-- Copy the client ID and client secret to use below
+1. Under **Connections**, click **Connected Apps**
+2. Click **+ Add OAuth Provider**
+3. Select the **Included Providers** tab
+4. In the **Provider** dropdown, select **Microsoft**
-Next, add the Microsoft app to Arcade.
-### Arcade Microsoft MCP Servers Scopes
+#### Configure the provider
+1. Choose a unique **ID** for your provider (e.g., `my-microsoft-provider`)
+2. Optionally enter a **Description**
+3. Click **Create**
Below is the list of scopes required by the Arcade Microsoft MCP servers that have integration documentation:
| MCP Server | Required Permissions |
@@ -51,49 +55,166 @@ Below is the list of scopes required by the Arcade Microsoft MCP servers that ha
| [Teams](/resources/integrations/social/microsoft-teams) | `Channel.ReadBasic.All`
`ChannelMessage.Read.All`
`ChannelMessage.Send`
`Chat.Create`
`Chat.Read`
`ChatMessage.Read`
`ChatMessage.Send`
`People.Read`
`Team.ReadBasic.All`
`TeamMember.Read.All`
`User.Read` |
| [SharePoint](/resources/integrations/productivity/microsoft-sharepoint) | `Sites.Read.All` |
-## Configuring your own Microsoft Auth Provider in Arcade
+#### IT / security approval
+Share the app details with your IT or security team. They will need to:
+1. Locate the Arcade app in **Enterprise Applications** in the [Azure Portal](https://portal.azure.com)
+2. Review the requested permissions
+3. Grant admin consent for your organization
-
-
+Once approved, users in your organization can authorize through the standard OAuth flow.
+
+
+
+### Option 2: Register a multi-tenant Azure app
+
+Register your own app in Azure to get full control over branding, permissions, and token policies. This configuration allows users from any Azure AD tenant to authenticate.
+
+
+
+#### Create app registration
+
+1. Go to [Azure Portal](https://portal.azure.com)
+2. Search for **App Registrations**
+3. Click **+ New Registration**
+4. Configure:
+ - **Name:** Your preferred name (e.g., "Acme OAuth App")
+ - **Supported account types:** "Accounts in any organizational directory (Multitenant)"
+ - **Redirect URI:**
+ - **Type:** Web
+ - **URL:** `https://cloud.arcade.dev/api/v1/oauth/XXXXX/callback` (copy from your [Arcade Dashboard](https://api.arcade.dev/dashboard))
+5. Click **Register**
+
+#### Create client secret
+
+1. In your app registration, go to **Certificates & secrets**
+2. Click **+ New client secret**
+3. Add a description (e.g., "Acme Arcade Integration")
+4. Set the expiry period (recommended: 24 months)
+5. Click **Add**
+
+
+ Copy and save the secret value immediately. It won't be shown again.
+
+
+#### Configure API permissions
+
+1. Go to **API permissions** in your app registration
+2. Click **+ Add a permission**
+3. Select **Microsoft Graph**
+4. Select **Delegated permissions**
+5. Add the required scopes based on which MCP servers you're using (see [MCP server scopes reference](#mcp-server-scopes-reference) or the [detailed per-tool breakdown](/references/auth-providers/microsoft/permissions-and-scopes))
+6. Click **Add permissions**
+7. If any permissions require admin consent, click **Grant admin consent for [Your Organization]**
+
+#### Configure in Arcade
+
+1. Go to the [Arcade Dashboard](https://api.arcade.dev/dashboard)
+2. Under **Connections**, click **Connected Apps**
+3. Click **+ Add OAuth Provider**
+4. Select **Microsoft** from the included providers list
+5. Configure:
+ - **Provider ID:** Your preferred identifier (e.g., `acme-microsoft`)
+ - **Client ID:** Copy from Azure App Registration "Application (client) ID"
+ - **Client Secret:** The secret value you saved earlier
+6. Click **Create**
+
+
+
+### Option 3: Register a tenant-specific Azure app
-### Configure Microsoft Auth Using the Arcade Dashboard GUI
+Restrict authentication to a single Microsoft Entra ID tenant. Use this when your organization's security policy requires tenant isolation.
-#### Access the Arcade Dashboard
+#### Get your tenant ID
-To access the Arcade Cloud dashboard, go to [api.arcade.dev/dashboard](https://api.arcade.dev/dashboard). If you are self-hosting, by default the dashboard will be available at http://localhost:9099/dashboard. Adjust the host and port number to match your environment.
+1. Go to [Azure Portal](https://portal.azure.com)
+2. Search for **Microsoft Entra ID** (formerly Azure Active Directory)
+3. On the Overview page, find your **Tenant ID** (a GUID like `12345678-1234-1234-1234-123456789abc`)
+4. Copy and save this Tenant ID
-#### Navigate to the OAuth Providers page
+#### Create app registration
-- Under the **Connections** section of the Arcade Dashboard left-side menu, click **Connected Apps**.
-- Click **Add OAuth Provider** in the top right corner.
-- Select the **Included Providers** tab at the top.
-- In the **Provider** dropdown, select **Microsoft**.
+Follow the same steps as [Option 2](#option-2-register-a-multi-tenant-azure-app), but for **Supported account types**, select:
-#### Enter the provider details
+- "Accounts in this organizational directory only (Single tenant)"
-- Choose a unique **ID** for your provider (e.g. "my-microsoft-provider").
-- Optionally enter a **Description**.
-- Enter the **Client ID** and **Client Secret** from your Microsoft app.
-- Note the **Redirect URL** generated by Arcade. This must be set as your Microsoft app's redirect URL.
+#### Configure API permissions
-#### Create the provider
+Follow the same steps as [Option 2](#configure-api-permissions).
-Hit the **Create** button and the provider will be ready to be used.
+#### Configure in Arcade (custom provider)
+
+Tenant-specific endpoints require the **Custom Provider** option in Arcade:
+
+1. Go to the [Arcade Dashboard](https://api.arcade.dev/dashboard)
+2. Under **Connections**, click **Connected Apps**
+3. Click **+ Add OAuth Provider**
+4. Select **Custom Provider**
+5. Configure:
+ - **Provider ID:** Your preferred identifier (e.g., `acme-microsoft-tenant`)
+ - **Client ID:** Copy from Azure App Registration
+ - **Client Secret:** The secret value you saved
+ - **Authorization Endpoint:** `https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize`
+ - **Token Endpoint:** `https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token`
+ - **Scopes:** `https://graph.microsoft.com/.default offline_access`
+
+ Replace `{tenant-id}` with your actual Tenant ID.
+
+6. Click **Create**
-When you use tools that require Microsoft auth using your Arcade account credentials, Arcade will automatically use this Microsoft OAuth provider. If you have multiple Microsoft providers, see [using multiple auth providers of the same type](/references/auth-providers#using-multiple-providers-of-the-same-type) for more information.
+## Production readiness
-
-
+### Custom user verifier
+
+For Options 2 and 3, where you bring your own Azure app credentials, you must configure a [custom user verifier](/guides/user-facing-agents/secure-auth-production#build-a-custom-user-verifier) before deploying to production.
+
+Without a custom verifier, your end-users would need an Arcade.dev account to complete the OAuth flow — which is not what you want in a production environment. The custom verifier lets your application handle user identity, so the auth flow stays within your own UX.
+
+
+ Production deployments with custom app credentials will not work without a custom user verifier. Set this up before going live.
+
+
+### Enterprise environment configuration
+
+For organizations that require additional security controls beyond the app registration:
+
+1. **Admin consent and conditional access:**
+ - Go to **Enterprise Applications** in Azure Portal
+ - Find your application
+ - Configure conditional access policies as required by your security team
+ - Set up user assignment requirements to control which users can authorize
+ - Grant tenant-wide admin consent if needed
+
+2. **Security team coordination:**
+ - Review the [required permissions per MCP server](#mcp-server-scopes-reference) with your security team before granting consent
+ - Ensure conditional access policies don't block Microsoft Graph API access
+ - Configure token lifetime policies that align with your organization's session management standards
+
+If you have multiple Microsoft providers configured in Arcade, see [using multiple auth providers of the same type](/references/auth-providers#using-multiple-providers-of-the-same-type).
+
+## MCP server scopes reference
+
+Each Arcade Microsoft MCP server requires a specific set of Microsoft Graph API delegated permissions. The table below summarizes the scopes per server. For a detailed breakdown of scopes per tool, including API endpoints, see [permissions and scopes](/references/auth-providers/microsoft/permissions-and-scopes).
+
+| MCP Server | Required Permissions |
+| --- | --- |
+| [Outlook Calendar](/resources/integrations/productivity/outlook-calendar) | `User.Read`, `Calendars.ReadBasic`, `Calendars.ReadWrite`, `MailboxSettings.Read` |
+| [Outlook Mail](/resources/integrations/productivity/outlook-mail) | `Mail.Read`, `Mail.ReadWrite`, `Mail.Send` |
+| [Microsoft Teams](/resources/integrations/social/microsoft-teams) | `User.Read`, `Team.ReadBasic.All`, `TeamMember.Read.All`, `Channel.ReadBasic.All`, `ChannelMessage.Read.All`, `ChannelMessage.Send`, `Chat.Read`, `Chat.Create`, `ChatMessage.Read`, `ChatMessage.Send`, `People.Read` |
+| [SharePoint](/resources/integrations/productivity/sharepoint) | `User.Read`, `Sites.Read.All` |
+
+
+ All Microsoft MCP servers use the default scope `https://graph.microsoft.com/.default`. When running locally or with custom deployments, you can update the base URL to point to your custom Microsoft Graph endpoint. API endpoints remain consistent across deployments.
+
-## Using Microsoft auth in app code
+## Use Microsoft auth in app code
-Use the Microsoft auth provider in your own agents and AI apps to get a user token for Microsoft Graph APIs. See [authorizing agents with Arcade](/get-started/about-arcade) to understand how this works.
+Use the Microsoft auth provider in your agents and AI apps to get a user token for Microsoft Graph APIs. See [authorizing agents with Arcade](/get-started/about-arcade) to understand how this works.
Use `client.auth.start()` to get a user token for Microsoft Graph APIs:
@@ -157,11 +278,11 @@ const token = authResponse.context.token;
-## Using Microsoft auth in custom tools
+## Use Microsoft auth in custom tools
-You can author your own [custom tools](/guides/create-tools/tool-basics/build-mcp-server) that interact with Microsoft Graph APIs.
+You can build your own [custom tools](/guides/create-tools/tool-basics/build-mcp-server) that interact with Microsoft Graph APIs.
-Use the `Microsoft()` auth class to specify that a tool requires authorization with Microsoft. The `context.authorization.token` field will be automatically populated with the user's Microsoft token:
+Use the `Microsoft()` auth class to specify that a tool requires authorization with Microsoft. The `context.authorization.token` field is automatically populated with the user's Microsoft token:
```python {5-6,9-13,20}
from typing import Annotated
diff --git a/app/en/references/auth-providers/microsoft/permissions-and-scopes/page.mdx b/app/en/references/auth-providers/microsoft/permissions-and-scopes/page.mdx
new file mode 100644
index 000000000..43ed0a805
--- /dev/null
+++ b/app/en/references/auth-providers/microsoft/permissions-and-scopes/page.mdx
@@ -0,0 +1,111 @@
+import { Callout } from "nextra/components";
+
+# Microsoft MCP servers: permissions and scopes
+
+This page provides a per-tool reference of every Microsoft Graph API scope required by Arcade's Microsoft MCP servers, along with the API endpoints each tool calls. For auth configuration, see the [Microsoft auth provider overview](/references/auth-providers/microsoft).
+
+All four servers use the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/overview) with base URL `https://graph.microsoft.com/v1.0`, via the Microsoft Graph SDK for Python (`msgraph-sdk`).
+
+## Outlook Calendar
+
+| Tool | Scopes required | API endpoints | Description |
+| --- | --- | --- | --- |
+| `who_am_i` | `User.Read`, `Calendars.ReadBasic` | `/me`, `/me/mailboxSettings` | Get user profile and calendar info |
+| `create_event` | `MailboxSettings.Read`, `Calendars.ReadWrite` | `/me/events` (POST), `/me/mailboxSettings` | Create a calendar event |
+| `get_event` | `MailboxSettings.Read`, `Calendars.ReadBasic` | `/me/events/{id}` (GET), `/me/mailboxSettings` | Get a specific event |
+| `list_events_in_time_range` | `MailboxSettings.Read`, `Calendars.ReadBasic` | `/me/calendar/calendarView` (GET), `/me/mailboxSettings` | List events in a time range |
+
+**All unique scopes:** `User.Read`, `Calendars.ReadBasic`, `Calendars.ReadWrite`, `MailboxSettings.Read`
+
+## Outlook Mail
+
+| Tool | Scopes required | API endpoints | Description |
+| --- | --- | --- | --- |
+| `list_emails` | `Mail.Read` | `/me/messages` (GET) | List emails from mailbox |
+| `list_emails_by_property` | `Mail.Read` | `/me/messages` (GET with filters) | List emails filtered by property |
+| `list_emails_in_folder` | `Mail.Read` | `/me/mailFolders/{id}/messages` (GET) | List emails in a specific folder |
+| `create_draft_email` | `Mail.ReadWrite` | `/me/messages` (POST) | Create a draft email |
+| `update_draft_email` | `Mail.ReadWrite` | `/me/messages/{id}` (PATCH) | Update an existing draft |
+| `create_and_send_email` | `Mail.Send` | `/me/sendMail` (POST) | Create and send an email |
+| `send_draft_email` | `Mail.Send` | `/me/messages/{id}/send` (POST) | Send a draft email |
+| `reply_to_email` | `Mail.Send` | `/me/messages/{id}/reply` (POST) | Reply to an email |
+
+**All unique scopes:** `Mail.Read`, `Mail.ReadWrite`, `Mail.Send`
+
+## Microsoft Teams
+
+| Tool | Scopes required | API endpoints | Description |
+| --- | --- | --- | --- |
+| `who_am_i` | `User.Read` | `/me` | Get user profile information |
+| `get_signed_in_user` | `User.Read` | `/me` (GET) | Get signed-in user details |
+| `list_users` | `User.Read` | `/users` (GET) | List users in tenant |
+| `search_users` | `User.Read` | `/users` (GET with search) | Search for users |
+| `list_teams` | `Team.ReadBasic.All` | `/me/joinedTeams` (GET) | List teams user is member of |
+| `search_teams` | `Team.ReadBasic.All` | `/teams` (GET with filters) | Search for teams |
+| `get_team` | `Team.ReadBasic.All` | `/teams/{id}` (GET) | Get team details |
+| `list_team_members` | `TeamMember.Read.All` | `/teams/{id}/members` (GET) | List members of a team |
+| `search_team_members` | `TeamMember.Read.All` | `/teams/{id}/members` (GET with search) | Search team members |
+| `get_channel_metadata` | `Channel.ReadBasic.All`, `Team.ReadBasic.All` | `/teams/{id}/channels/{id}` (GET) | Get channel metadata |
+| `list_channels` | `Channel.ReadBasic.All`, `Team.ReadBasic.All` | `/teams/{id}/channels` (GET) | List channels in a team |
+| `search_channels` | `Channel.ReadBasic.All`, `Team.ReadBasic.All` | `/teams/{id}/channels` (GET with filters) | Search channels |
+| `get_channel_messages` | `ChannelMessage.Read.All`, `Team.ReadBasic.All` | `/teams/{id}/channels/{id}/messages` (GET) | Get messages from a channel |
+| `get_channel_message_replies` | `ChannelMessage.Read.All`, `Team.ReadBasic.All` | `/teams/{id}/channels/{id}/messages/{id}/replies` (GET) | Get replies to a channel message |
+| `send_message_to_channel` | `ChannelMessage.Send`, `Team.ReadBasic.All` | `/teams/{id}/channels/{id}/messages` (POST) | Send message to channel |
+| `reply_to_channel_message` | `ChannelMessage.Send`, `Team.ReadBasic.All` | `/teams/{id}/channels/{id}/messages/{id}/replies` (POST) | Reply to channel message |
+| `get_chat_message_by_id` | `Chat.Read` | `/me/chats/{id}/messages/{id}` (GET) | Get a chat message |
+| `create_or_get_chat_by_users` | `Chat.Read`, `Chat.Create` | `/me/chats` (GET/POST) | Create or get chat by users |
+| `list_chats` | `Chat.Read` | `/me/chats` (GET) | List user's chats |
+| `get_chat_metadata` | `Chat.Read` | `/me/chats/{id}` (GET) | Get chat metadata |
+| `send_message_to_chat` | `ChatMessage.Send` | `/me/chats/{id}/messages` (POST) | Send message to chat |
+| `reply_to_chat_message` | `ChatMessage.Send` | `/me/chats/{id}/messages/{id}/replies` (POST) | Reply to chat message |
+| `create_chat` | `Chat.Create` | `/chats` (POST) | Create a new chat |
+| `search_messages` | `Chat.Read`, `ChatMessage.Read`, `ChannelMessage.Read.All` | `/search/query` (POST) | Search messages across Teams |
+| `search_people` | `People.Read` | `/me/people` (GET) | Search for people |
+
+**All unique scopes:** `User.Read`, `Team.ReadBasic.All`, `TeamMember.Read.All`, `Channel.ReadBasic.All`, `ChannelMessage.Read.All`, `ChannelMessage.Send`, `Chat.Read`, `Chat.Create`, `ChatMessage.Read`, `ChatMessage.Send`, `People.Read`
+
+## SharePoint
+
+| Tool | Scopes required | API endpoints | Description |
+| --- | --- | --- | --- |
+| `who_am_i` | `User.Read` | `/me` | Get user profile information |
+| `get_site` | `Sites.Read.All` | `/sites/{id}` (GET) | Get SharePoint site details |
+| `list_sites` | `Sites.Read.All` | `/sites` (GET) | List SharePoint sites |
+| `search_sites` | `Sites.Read.All` | `/sites?search={query}` (GET) | Search for sites |
+| `get_page` | `Sites.Read.All` | `/sites/{id}/pages/{id}` (GET) | Get a SharePoint page |
+| `list_pages` | `Sites.Read.All` | `/sites/{id}/pages` (GET) | List pages from a site |
+| `get_lists_from_site` | `Sites.Read.All` | `/sites/{id}/lists` (GET) | Get lists from a site |
+| `get_items_from_list` | `Sites.Read.All` | `/sites/{id}/lists/{id}/items` (GET) | Get items from a list |
+| `get_drives_from_site` | `Sites.Read.All` | `/sites/{id}/drives` (GET) | Get drives from a site |
+| `list_root_items_in_drive` | `Sites.Read.All` | `/sites/{id}/drives/{id}/root/children` (GET) | List root items in drive |
+| `list_items_in_folder` | `Sites.Read.All` | `/sites/{id}/drives/{id}/items/{id}/children` (GET) | List items in folder |
+| `search_drive_items` | `Sites.Read.All` | `/sites/{id}/drives/{id}/root/search(q='{query}')` (GET) | Search drive items |
+
+**All unique scopes:** `User.Read`, `Sites.Read.All`
+
+## Scopes summary
+
+| Scope | Used in | Purpose |
+| --- | --- | --- |
+| `User.Read` | All Microsoft MCP servers | Read user profile information |
+| `Calendars.ReadBasic` | [Outlook Calendar](/resources/integrations/productivity/outlook-calendar) | Read basic calendar information |
+| `Calendars.ReadWrite` | [Outlook Calendar](/resources/integrations/productivity/outlook-calendar) | Read and write calendar events |
+| `MailboxSettings.Read` | [Outlook Calendar](/resources/integrations/productivity/outlook-calendar) | Read mailbox settings (timezone) |
+| `Mail.Read` | [Outlook Mail](/resources/integrations/productivity/outlook-mail) | Read email messages |
+| `Mail.ReadWrite` | [Outlook Mail](/resources/integrations/productivity/outlook-mail) | Read and write email drafts |
+| `Mail.Send` | [Outlook Mail](/resources/integrations/productivity/outlook-mail) | Send email messages |
+| `Team.ReadBasic.All` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Read basic team information |
+| `TeamMember.Read.All` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Read team members |
+| `Channel.ReadBasic.All` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Read basic channel information |
+| `ChannelMessage.Read.All` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Read channel messages |
+| `ChannelMessage.Send` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Send channel messages |
+| `Chat.Read` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Read chat messages |
+| `Chat.Create` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Create chats |
+| `ChatMessage.Read` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Read chat messages |
+| `ChatMessage.Send` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Send chat messages |
+| `People.Read` | [Microsoft Teams](/resources/integrations/social/microsoft-teams) | Read people information |
+| `Sites.Read.All` | [SharePoint](/resources/integrations/productivity/sharepoint) | Read all site collections |
+
+
+ All Microsoft MCP servers use the default scope `https://graph.microsoft.com/.default`. When running locally or with custom deployments, update the base URL to your custom Microsoft Graph endpoint. API endpoints remain consistent across deployments.
+
diff --git a/public/llms.txt b/public/llms.txt
index b332f5cb1..010f43f01 100644
--- a/public/llms.txt
+++ b/public/llms.txt
@@ -1,4 +1,4 @@
-
+
# Arcade
@@ -38,6 +38,7 @@ Arcade delivers three core capabilities: Deploy agents even your security team w
- [LinkedIn](https://docs.arcade.dev/en/references/auth-providers/linkedin): This documentation page provides guidance on configuring and using the LinkedIn authentication provider within Arcade, enabling applications and custom tools to access LinkedIn APIs on behalf of users. It outlines the necessary steps to create a LinkedIn app, set up app credentials, and
- [Mailchimp](https://docs.arcade.dev/en/references/auth-providers/mailchimp): This documentation page provides guidance on configuring the Mailchimp authentication provider for use with Arcade, enabling users to access Mailchimp Marketing APIs through OAuth 2.0. It includes steps for creating a Mailchimp app, registering it, and integrating it with Arcade
- [Microsoft](https://docs.arcade.dev/en/references/auth-providers/microsoft): This documentation page provides guidance on how to create and configure a custom Microsoft Auth Provider for use with Arcade, enabling applications and tools to access the Microsoft Graph API on behalf of users. It outlines the steps for registering a Microsoft app, setting necessary permissions,
+- [Microsoft MCP servers: permissions and scopes](https://docs.arcade.dev/en/references/auth-providers/microsoft/permissions-and-scopes): This documentation page provides a comprehensive reference for the Microsoft Graph API scopes and endpoints required by Arcade's Microsoft MCP servers, specifically for tools related to Outlook Calendar, Outlook Mail, and Microsoft Teams. Users can learn which permissions are necessary for various functionalities, such
- [Middleware](https://docs.arcade.dev/en/references/mcp/python/middleware): This documentation page provides an overview of middleware in the Arcade MCP Python framework, detailing how to intercept and modify requests and responses during processing. It introduces the base `Middleware` class for creating custom middleware, explains the `MiddlewareContext` for managing message data
- [Miro](https://docs.arcade.dev/en/references/auth-providers/miro): This documentation page provides guidance on configuring the Miro authentication provider using OAuth 2.0, enabling users to integrate Miro APIs into their applications or tools. It outlines the steps for creating a Miro app, obtaining necessary credentials, and setting up
- [Notion](https://docs.arcade.dev/en/references/auth-providers/notion): This documentation page provides guidance on configuring and using the Notion authentication provider with Arcade, enabling users to call Notion APIs on behalf of their users. It outlines the steps to create a Notion app, configure OAuth settings in the Arcade dashboard, and