Setting up MCP Server to Entra ID / Graph with Lokka

Last week I noticed that Merill Fernando published an MCP server for Entra ID / Graph called Lokka. I wrote earlier this week about MCP (https://msandbu.org/making-actions-available-instead-of-apps-with-mcp/) and how it makes actions and APIs more easily available using natural language.

This makes a bunch of commands available from an MCP host such as Claude desktop (and today OpenAI also announced that they will support the MCP protocol in the ChatGPT app). Now back to Lokka: it allows me to make a bunch of Entra ID resources and commands available directly using GenAI.

Now Lokka takes 5 min to set up! No, I am not kidding.

1: Set up an App Registration in Entra ID and configure the correct permissions as App access.

2: Collect the following information from Entra ID (Tenant_ID, Client_ID and Client_Secret).

3: Configure the following setting in the MCP host (like the Claude desktop app). From the Settings panel, click on Developer. Then click on “Edit Config”, which will point you to the file you need to edit in a text editor of your choice. Then add the following:

{
  "mcpServers": {
    "Lokka-Microsoft-Graph": {
      "command": "npx",
      "args": ["-y", "@merill/lokka"],
      "env": {
        "TENANT_ID": "<tenant-id>",
        "CLIENT_ID": "<client-id>",
        "CLIENT_SECRET": "<client-secret>"
      }
    }
  }
}

If you have issues with the npx command: on my Mac I had to download the NPM library locally and have this setting defined. If not, the config above works.

NOTE: I deployed this on a Mac and had some issues with Node, so I needed to do some cleanup as well.

sudo npm cache clean -f    # clear the npm cache
sudo npm install -g n      # install the "n" Node version manager globally
sudo n stable              # switch to the current stable Node release

Once the MCP configuration is in place, how does it work? When you reload the Claude desktop app it runs the MCP server (Lokka), and the desktop app sets up a client to communicate with the server. The server then initiates a session to the Microsoft Graph API. You can also see that the MCP tool is loaded in the Claude app by the “hammer” icon.

So when I ask the app to find information from Entra, I am always asked to trigger the tool.

The cool part is that I can define complex tasks, such as doing multiple tool calls to list users and find the users with the Global Administrator role.

Can I also ask it to reset passwords for user accounts? Sure, as long as you have the correct permissions set for the App Registration.
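
A check for step 1 and the password-reset remark above, as an added example that is not from the original post or the Lokka project: it decodes the `roles` claim of an app-only access token issued to the App Registration and lists the application permissions that are not read-only. The function names, the read-only rule and the sample token are assumptions constructed for illustration.

```javascript
// Added example, not Lokka code. Inspects an app-only Graph access token
// and separates read-only application permissions from the rest.

// Decode the JWT payload (second segment). Inspection only: the signature
// is NOT verified here, so do not use this for authorization decisions.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Graph permission names look like Resource.Operation[.Constraint].
// Assumption of this example: only Read and ReadBasic are treated as
// read-only; every other operation (ReadWrite, Send, ...) is flagged.
function isReadOnly(permission) {
  const operation = permission.split(".")[1] ?? "";
  return operation === "Read" || operation === "ReadBasic";
}

function auditToken(token) {
  const claims = decodeJwtPayload(token);
  // Application permissions appear in "roles"; delegated ones in "scp".
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  return {
    appId: claims.appid ?? claims.azp ?? null,
    delegated: typeof claims.scp === "string",
    readOnly: roles.filter(isReadOnly),
    writeCapable: roles.filter((r) => !isReadOnly(r)),
  };
}

// Constructed sample token (unsigned, placeholder app id) so this runs offline.
function makeSampleToken(roles) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const payload = { appid: "00000000-0000-0000-0000-000000000000", roles };
  return [enc({ alg: "none", typ: "JWT" }), enc(payload), "constructed"].join(".");
}

const sample = makeSampleToken([
  "User.Read.All", "User.ReadBasic.All",
  "User.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
]);
const report = auditToken(sample);
console.log("app:", report.appId);
console.log("read-only:", report.readOnly.join(", ") || "(none)");
console.log("review before use:", report.writeCapable.join(", ") || "(none)");
```

Anything listed under "review before use" is a permission the MCP host can exercise through natural-language prompts, so it is worth confirming each one is needed before putting the client secret in the config.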

So a lot of interesting use cases open up with the MCP server. Even if this is still not an official product, it opens up a bunch of different scenarios for helpdesk, abstracting away the portal and allowing us to use natural language to perform many different tasks.
