Microsoft 365 as a mailbox provider

inboxmcp now supports Outlook / Exchange Online via OAuth. Authentication runs directly with Microsoft; neither a password nor an app password is stored on the inboxmcp side.

Feature set

• Own mailbox with Microsoft sign-in — sign in through the Microsoft OAuth flow, confirm access. The refresh token is encrypted with an asymmetric envelope scheme before it's stored.
• Shared mailboxes — add a delegate mailbox of a connected Microsoft account without a second sign-in. Before saving, inboxmcp verifies access once via Microsoft Graph; if the check fails, no entry is created.
• Folder hierarchy — nested folders (e.g. Archive/2024/Customers) are correctly resolved in list_folders and every other tool.

MCP tools

Available immediately — Read: list_mailboxes, list_folders, search_mails, read_mail, read_mail_chunk, get_attachment. Write (Premium / Business): draft_mail, edit_draft, create_folder, move_mails. The remaining write tools send_mail, flag_mail and delete_mail are coming across all providers.

Not yet included

• Self-service tenant admin consent for Microsoft 365 organisations
• Shared mailboxes with their own sign-in (without a delegate account)

Both are scheduled on the roadmap. More under Connect Microsoft 365.