MCP Security Index

Is Microsoft 365 safe to install?

Softeria ยท Productivity ยท stdio (local process)

Access Microsoft 365 mail, calendar, To Do, and Office files.

Fextensive exposureSource
F
Grade
87/100
Blast radius
183
Tools
2
Capabilities

Capabilities

What Microsoft 365 declares it can do

A server's blast radius is the most powerful thing each of its tools can do. This grades the tools it declares, read-only, not whether it is secure.

  • Execute0
  • Delete24
  • Write61
  • Read98
  • highTool declares a high-privilege capabilityร—85
  • mediumTool input schema asks for a credentialร—2

Tools

Every tool Microsoft 365 exposes

183 tools

Control

Govern Microsoft 365 with AxioRank

183 tools

Installed as-is, all 183 of Microsoft 365's tools are callable by your agent without restriction, including any that write, delete, or execute.

Flip the switch to see the policy AxioRank would apply.

Advisories

Informational content flags

Keyword matches in tool descriptions and schemas. These are shown for transparency and are not part of the grade.

  • highSQL DELETE/UPDATE without WHEREร—13
  • highCredential / secret access capabilityร—3
  • highSQL injection
  • mediumEmail addressร—4
  • mediumAdministrative capabilityร—2
  • mediumOversized payload
  • lowLarge field valueร—2

Install

Add Microsoft 365 to your client

Drop this into your MCP client config (Claude Desktop, Cursor, and others).

mcp.json
{
  "mcpServers": {
    "microsoft-365": {
      "command": "npx",
      "args": [
        "-y",
        "@softeria/ms-365-mcp-server"
      ]
    }
  }
}

Embed

Show the grade in your README

Links back to this page and updates when the grade changes.AxioRank grade for Microsoft 365
[![AxioRank MCP Security Index grade for Microsoft 365](https://axiorank.com/api/badge/mcp/microsoft-365.svg)](https://axiorank.com/mcp-index/microsoft-365)

How it works

About this grade

The grade reflects the blast radius of what Microsoft 365 declares it can do, read-only, not whether it is secure or trustworthy, and not a judgment of the vendor. Maintain this server? Claim this listing or request a re-scan. See the methodology.

Email me this scorecard

Get the Microsoft 365 grade in your inbox.

Let your agents use Microsoft 365 safely

Route this server through AxioRank to allowlist its tools, hold risky calls for approval, and keep a signed audit trail of every action.

Start free