Getting Started with Lokka: Connect AI to Microsoft 365 via Model Context Protocol

What is Lokka?

The prolific Merill Fernando (visit his website to see some of his work), built a Model Context Protocol (MCP) server for interacting with Microsoft 365 through Microsoft Graph. In this post, I'll walk you through what the MCP protocol is, what Lokka is, and how to get started with it. While I'll cover MCP briefly here, we may dive deeper into this topic in a future post.

The Model Context Protocol

The Model Context Protocol was developed by Anthropic (the company behind Claude) to provide a standardised way to provide context to large language models (LLMs), like GPT-5, Grok, or Claude. This enables developers to create AI agents that can interact with specific applications in a modular way.

Most people have by now developed workflows that incorporate AI into their work. If you're interfacing with LLMs through chatbots, you typically need to provide context by describing what you want to do, wait for the AI's response, and then execute the actions yourself. While developers can write agents that integrate directly with applications, these integrations are usually hardcoded and specific to their targets. For example, if an agent needs to connect to both a web API and a database, those two connections would be built into the agent's capabilities.

With MCP, these integrations become swappable and plug-and-play. This is why many people describe MCP as being for AI what the USB protocol is for hardware. Instead of agents with hardcoded integrations, you have generic MCP hosts that can connect to different types of MCP servers through standardized MCP clients.

💡 Key Insight: MCP transforms AI integrations from hardcoded, application-specific connections into modular, reusable components that can work with any MCP-compatible host.

MCP Host

This is an AI application that manages MCP client connections and forwards queries to an LLM.

⚠️ Note: On the internet, you'll find that people often refer to MCP hosts as MCP clients. For example, Claude Desktop is technically an MCP host, but people commonly call it an MCP client.

MCP Client

An MCP client is the functional component that actually connects to an MCP server and exposes context and functionality to the MCP host.

MCP Server

This is the software component that provides context to MCP clients (and in turn to the MCP host). An MCP server can expose three types of primitives:

1. Tools expose functions that the MCP host can call to perform actions on systems you wish to integrate, like the file system, Entra ID, Confluence, etc.
2. Resources are data sources that provide information to the MCP host, like files or database records.
3. Prompts are templates that you can provide to the MCP host. These are especially useful for providing system prompts that might be necessary to improve integration performance or to provide examples.

Let us now switch gears to a more practical example with Lokka.

How to Install Lokka

Prerequisites

First, you need an MCP host to connect to the MCP server. The easiest way to get started is by installing Claude Desktop (which you can download here). Any other MCP host should work too. Another popular option is Visual Studio Code with GitHub Copilot.

The second and final prerequisite is installing Node.js to run the Lokka server.

To install on Windows, open an admin PowerShell and run:

winget install --Id OpenJS.NodeJS.LTS

On macOS, run the following commands:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash

\. "$HOME/.nvm/nvm.sh"

nvm install 22

Check the installation by running:

node --version

You should get the LTS version you just installed: v22.18.0 (as of the writing of this post).

Running the MCP Server

🤔 Understanding MCP Server Startup: This can be confusing for newcomers. Unlike traditional servers that run independently, MCP servers are started by the MCP host. You provide the host with configuration details about how to start the server, and the host handles the rest.

We need to configure exactly this for Lokka. There are several authentication modes you can run Lokka in:

1. Interactive: Opens a web browser for authentication. You can interactively broaden API permission scope and use the default application or create your own. If you choose the latter, you'll need to create a new app registration and grant admin consent. Find more details here .
2. App-only: Authenticates using client credentials. Requires creating an app registration and granting necessary permissions. You must provide your certificate or client secret. Permissions cannot be dynamically expanded like in interactive mode. More details here .
3. Token: Grants access using access tokens directly. This is mostly relevant for developers.

For this example, I'll use the interactive auth method with the default app and Claude Desktop as my MCP host.

In Claude Desktop:

1. Press Ctrl + , to enter settings (Cmd + , on macOS). Look for the Developer options.
2. Find the Developer options and click on Edit config.

3. Open claude_desktop_config.json in your editor of choice and add the following:

{
  "mcpServers": {
    "Lokka": {
      "command": "npx",
      "args": ["-y", "@merill/lokka"]
    }
  }
}

4. Restart Claude Desktop.

⚠️ Important: On Windows, it's not enough to just close the window—you must also close the application from the system tray.

5. When you start Claude Desktop the next time, you'll be asked to log in with your admin account. After successful login, Claude will be able to give you information and perform actions through the Graph API, enabling the agent to interact on your behalf with Entra ID, Intune, Exchange, and more.

✅ Success Indicator: If everything is configured correctly, you should see Lokka listed as an available MCP server in Claude Desktop, and you'll be prompted for Microsoft 365 authentication on first use.

What's Next?

Now that you have a functioning AI application able to connect to your Azure/M365 tenant, what will you do? The sky is the limit, but here are some things to try out:

1. "Get a list of all guests that have not logged on in more than three months."
2. "How many non-compliant devices do I have in my tenant?"
3. "Is there an NSG rule blocking outbound traffic from VM1?"
4. "Change Benito Rodriguez's last name to Garcia."

🚀 Pro Tip: Start with read-only queries to familiarize yourself with the system before attempting any modifications to your environment.

Final Thoughts

Keep in mind how powerful this tool is. This also makes it very dangerous. Regardless of what mode you end up using, you must be very mindful of what API permissions you're granting and what actions you're allowing.

⚠️ Security Warning: Be extremely careful with the permissions you grant and store your secrets securely. Consider starting with minimal permissions and expanding as needed.

🎯 Key Takeaway: Lokka represents the future of AI-driven IT administration—powerful, flexible, but requiring careful consideration of security implications.

That said, have fun exploring the possibilities!