Outlook MCP | Oauth 2.0 Outlook connector for AI agents

CALL ANY TOOL

List, read, and send Outlook messages, search the mailbox, and navigate folders.

outlook_messages_list

List messages

List Outlook messages with folder, sender, and unread filters.

Parameters

Name

Type

Required

Description

folder

string

Optional

Folder name or ID (default: inbox)

is_read

boolean

Optional

Filter by read status

from

string

Optional

Filter by sender email

limit

integer

Optional

Max messages

outlook_message_get

Get message

outlook_message_send

Send email

outlook_messages_search

Search messages

outlook_folders_list

List folders

Build your Agent

Drop the toolkit in, point it at the user, and your email agent can use Outlook from the first run.

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["outlook"], toolNames: ["outlook_messages_list", "outlook_message_get", "outlook_message_send"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["outlook"], toolNames: ["outlook_messages_list", "outlook_message_get", "outlook_message_send"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["outlook"], toolNames: ["outlook_messages_list", "outlook_message_get", "outlook_message_send"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

Copied

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/outlook",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your agent to start using Outlook.

Search & recall

Copy the prompt

Copied

Find all unread emails from [domain] this week.

Copy the prompt

Copied

Search inbox for [keyword].

Copy the prompt

Copied

List emails from [sender] this month.

Copy the prompt

Copied

Find emails with attachments received today.

Action & replies

Copy the prompt

Copied

Send an email to [address]: [subject] — [body].

Copy the prompt

Copied

Reply to the latest email from [person].

Copy the prompt

Copied

Forward [email] to [address].

Copy the prompt

Copied

Mark all emails from [sender] as read.

Triage & organization

Copy the prompt

Copied

List all folders in my mailbox.

Copy the prompt

Copied

Find emails that need a reply older than 2 days.

Copy the prompt

Copied

Summarize unread emails from enterprise customers.

Copy the prompt

Copied

List emails with invoice or billing in the subject.

SEE HOW AUTH WORKS

Users authorize Outlook once. Their credentials stay vaulted, every call is checked, and every action is logged.

1

Authorize

Your user connects

Outlook

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Outlook

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Outlook

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Outlook

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other email agents and MCP connectors. Working code, live demos, fork what fits.

OPS

Email-to-calendar scheduling agent

Parse scheduling intent from Gmail threads and create Google Calendar events with the right attendees and timezone.

Gmail

Google Calendar

View agent

SALES

Sales call prep agent

Pull Granola notes and Attio contact history to draft a pre-call brief before every sales meeting. Zero rep input.

Granola

Attio

View agent

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.

01.

Shared tokens break per-user analytics

A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential so attribution, audit, and scope stay accurate.

// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Outlook today. Others tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access Outlook as the user or as a shared key?

As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the Outlook oauth 2.0 stored?

In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in Outlook?

Yes. Pass a tool name filter to listScopedTools so the email agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Outlook.

What happens when a user revokes Outlook access?

The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

Does a sent email from the agent appear as sent by the user or as a bot?

As the user. Emails send from the authorizing user's Outlook address with proper From and Reply-To. Audit logs in Microsoft 365 attribute the send to that user, not a service account or bot.

Outlook

Tools your email agent reaches for on Outlook, scoped per user.