cipp-mcp

cipp-mcp

An MCP server for CIPP (Community IT Professionals Platform), enabling MSPs to manage Microsoft 365 tenants, users, policies, and security settings through CIPP's API.

Category
Visit Server

README

CIPP MCP Server

MCP (Model Context Protocol) server for CIPP — the CyberDrain Improved Partner Portal. Provides AI assistants with structured access to CIPP's M365 multi-tenant management capabilities.

Features

  • 37 tools across 11 categories
  • Tenant, user, group, and mailbox management
  • Security: Conditional Access policies, named locations
  • Standards & compliance: BPA, domain health, drift detection
  • License reporting (per-tenant and CSP-wide)
  • Alerts, audit logs, and scheduled tasks
  • GDAP role and invite management
  • Stdio and HTTP transport modes
  • MCP Gateway compatible

Prerequisites

  • Node.js 18+
  • A running CIPP deployment
  • CIPP API Key (generated from CIPP Settings → API Client Management)

Installation

Via npm (once published)

npx cipp-mcp

From source

git clone https://github.com/wyre-technology/cipp-mcp
cd cipp-mcp
npm install
npm run build

Configuration

Set these environment variables (or copy .env.example to .env):

Variable Required Description
CIPP_BASE_URL Yes Your CIPP deployment URL (e.g. https://cipp.yourdomain.com)
CIPP_API_KEY One of Static Bearer token. Use this or the OAuth trio below.
CIPP_TENANT_ID One of Entra tenant ID that owns the CIPP API-client app registration.
CIPP_CLIENT_ID One of OAuth client ID issued by CIPP's API Client Management page.
CIPP_CLIENT_SECRET One of OAuth client secret paired with CIPP_CLIENT_ID.
CIPP_TOKEN_SCOPE No Override OAuth scope (default: <clientId>/.default).
CIPP_TOKEN_URL No Override OAuth token endpoint (sovereign clouds only).
MCP_TRANSPORT No stdio (default) or http
MCP_HTTP_PORT No Port for HTTP mode (default: 8080)
LOG_LEVEL No error, warn, info (default), or debug

Usage with Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "cipp": {
      "command": "node",
      "args": ["/path/to/cipp-mcp/dist/entry.js"],
      "env": {
        "CIPP_BASE_URL": "https://cipp.yourdomain.com",
        "CIPP_API_KEY": "your-api-key"
      }
    }
  }
}

Tools

Category Tools
Tenants list_tenants, get_tenant_details
Users list_users, create_user, edit_user, disable_user, reset_password, reset_mfa, revoke_sessions, offboard_user, bec_check, list_mfa_users, list_user_devices, list_user_groups
Groups list_groups, create_group
Mailboxes list_mailboxes, list_mailbox_permissions, set_out_of_office, set_email_forwarding
Security list_conditional_access_policies, list_named_locations
Standards list_standards, run_standards_check, list_bpa, list_domain_health
Licenses list_licenses, list_csp_licenses
Alerts list_audit_logs, list_alert_queue
GDAP list_gdap_roles, list_gdap_invites
Scheduler list_scheduled_items, add_scheduled_item
Core ping, get_version, list_logs

Authentication Setup

CIPP's API Client Management page provisions an Entra ID app registration and returns an OAuth client ID + client secret (not a long-lived Bearer token). The server exchanges these for a short-lived access token on each request using the OAuth 2.0 client-credentials flow, and caches the token until just before its expiry.

  1. In CIPP, go to Settings → CIPP Settings → Integrations → CIPP-API
  2. Create a new API client
  3. Copy the Client ID and Client Secret — you will not be able to retrieve the secret later
  4. Configure the server:
    CIPP_BASE_URL=https://cipp.yourdomain.com
CIPP_TENANT_ID=<your-entra-tenant-id>
CIPP_CLIENT_ID=<client-id-from-cipp>
CIPP_CLIENT_SECRET=<client-secret-from-cipp>

If you already have a static Bearer token (older CIPP deployments), set CIPP_API_KEY instead and leave the OAuth variables unset. When both are provided, CIPP_API_KEY wins.

License

Apache-2.0 — see LICENSE

Contributing

Issues and PRs welcome. This server is tracked against wyre-technology/msp-claude-plugins#24.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured