@softeria/ms-365-mcp-server 0.28.3 → 0.30.0

package/.env.example

@@ -10,7 +10,10 @@ MS365_MCP_CLIENT_SECRET=your-azure-ad-app-client-secret-here
 # Tenant ID - use "common" for multi-tenant or your specific tenant ID
 MS365_MCP_TENANT_ID=common
 
-# Instructions:
+# Cloud environment: global (default) or china (21Vianet)
+# MS365_MCP_CLOUD_TYPE=global
+
+# Instructions for Global Cloud:
 # 1. Go to https://portal.azure.com
 # 2. Navigate to Azure Active Directory → App registrations → New registration
 # 3. Set name: "MS365 MCP Server"
@@ -23,6 +26,12 @@ MS365_MCP_TENANT_ID=common
 # 7. Replace the values above with your actual credentials
 # 8. Rename this file to .env
 
+# Instructions for China Cloud (21Vianet):
+# 1. Go to https://portal.azure.cn
+# 2. Navigate to Azure Active Directory → App registrations → New registration
+# 3. Follow the same steps as above
+# 4. Set MS365_MCP_CLOUD_TYPE=china
+
 # -------------------------------------------------------------------
 # Azure Key Vault Integration (Optional)
 # -------------------------------------------------------------------
@@ -35,6 +44,7 @@ MS365_MCP_TENANT_ID=common
 #   - ms365-mcp-client-id     (required)
 #   - ms365-mcp-tenant-id     (optional, defaults to "common")
 #   - ms365-mcp-client-secret (optional)
+#   - ms365-mcp-cloud-type    (optional, defaults to "global")
 #
 # Authentication uses DefaultAzureCredential, which supports:
 #   - Managed Identity (recommended for Azure Container Apps)

package/README.md

@@ -7,6 +7,15 @@ Microsoft 365 MCP Server
 A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Microsoft Office services through the Graph
 API.
 
+## Supported Clouds
+
+This server supports multiple Microsoft cloud environments:
+
+| Cloud                | Description                        | Auth Endpoint             | Graph API Endpoint              |
+| -------------------- | ---------------------------------- | ------------------------- | ------------------------------- |
+| **Global** (default) | International Microsoft 365        | login.microsoftonline.com | graph.microsoft.com             |
+| **China** (21Vianet) | Microsoft 365 operated by 21Vianet | login.chinacloudapi.cn    | microsoftgraph.chinacloudapi.cn |
+
 ## Prerequisites
 
 - Node.js >= 20 (recommended)
@@ -188,9 +197,9 @@ Test login in Claude Desktop:
 
 ### Claude Desktop
 
-To add this MCP server to Claude Desktop:
+To add this MCP server to Claude Desktop, edit the config file under Settings > Developer.
 
-Edit the config file under Settings > Developer:
+#### Personal Account (MSA)
 
 ```json
 {
@@ -203,12 +212,60 @@ Edit the config file under Settings > Developer:
 }
 ```
 
+#### Work/School Account (Global)
+
+```json
+{
+  "mcpServers": {
+    "ms365": {
+      "command": "npx",
+      "args": ["-y", "@softeria/ms-365-mcp-server", "--org-mode"]
+    }
+  }
+}
+```
+
+#### Work/School Account (China 21Vianet)
+
+```json
+{
+  "mcpServers": {
+    "ms365-china": {
+      "command": "npx",
+      "args": ["-y", "@softeria/ms-365-mcp-server", "--org-mode", "--cloud", "china"]
+    }
+  }
+}
+```
+
 ### Claude Code CLI
 
+#### Personal Account (MSA)
+
 ```bash
 claude mcp add ms365 -- npx -y @softeria/ms-365-mcp-server
 ```
 
+#### Work/School Account (Global)
+
+```bash
+# macOS/Linux
+claude mcp add ms365 -- npx -y @softeria/ms-365-mcp-server --org-mode
+
+# Windows (use cmd /c wrapper)
+claude mcp add ms365 -s user -- cmd /c "npx -y @softeria/ms-365-mcp-server --org-mode"
+```
+
+#### Work/School Account (China 21Vianet)
+
+```bash
+# macOS/Linux
+claude mcp add ms365-china -- npx -y @softeria/ms-365-mcp-server --org-mode --cloud china
+
+# Windows (use cmd /c wrapper)
+claude mcp add ms365-china -s user -- cmd /c "npx -y @softeria/ms-365-mcp-server --org-mode --cloud china"
+```
+
 For other interfaces that support MCPs, please refer to their respective documentation for the correct
 integration method.
 
@@ -364,6 +421,7 @@ The following options can be used when running ms-365-mcp-server directly from t
 --org-mode        Enable organization/work mode from start (includes Teams, SharePoint, etc.)
 --work-mode       Alias for --org-mode
 --force-work-scopes Backwards compatibility alias for --org-mode (deprecated)
+--cloud <type>    Microsoft cloud environment: global (default) or china (21Vianet)
 ```
 
 ### Server Options
@@ -390,6 +448,7 @@ Environment variables:
 - `MS365_MCP_ORG_MODE=true|1`: Enable organization/work mode (alternative to --org-mode flag)
 - `MS365_MCP_FORCE_WORK_SCOPES=true|1`: Backwards compatibility for MS365_MCP_ORG_MODE
 - `MS365_MCP_OUTPUT_FORMAT=toon`: Enable TOON output format (alternative to --toon flag)
+- `MS365_MCP_CLOUD_TYPE=global|china`: Microsoft cloud environment (alternative to --cloud flag)
 - `LOG_LEVEL`: Set logging level (default: 'info')
 - `SILENT=true|1`: Disable console output
 - `MS365_MCP_CLIENT_ID`: Custom Azure app client ID (defaults to built-in app)

package/dist/auth.js

@@ -4,6 +4,7 @@ import fs, { existsSync, readFileSync } from "fs";
 import { fileURLToPath } from "url";
 import path from "path";
 import { getSecrets } from "./secrets.js";
+import { getCloudEndpoints, getDefaultClientId } from "./cloud-config.js";
 let keytar = null;
 async function getKeytar() {
   if (keytar === void 0) {
@@ -36,10 +37,11 @@ const FALLBACK_DIR = path.dirname(fileURLToPath(import.meta.url));
 const FALLBACK_PATH = path.join(FALLBACK_DIR, "..", ".token-cache.json");
 const SELECTED_ACCOUNT_PATH = path.join(FALLBACK_DIR, "..", ".selected-account.json");
 function createMsalConfig(secrets) {
+  const cloudEndpoints = getCloudEndpoints(secrets.cloudType);
   return {
     auth: {
-      clientId: secrets.clientId || "084a3e9f-a9f4-43f7-89f9-d229cf97853e",
-      authority: `https://login.microsoftonline.com/${secrets.tenantId || "common"}`
+      clientId: secrets.clientId || getDefaultClientId(secrets.cloudType),
+      authority: `${cloudEndpoints.authority}/${secrets.tenantId || "common"}`
     }
   };
 }
@@ -299,7 +301,9 @@ class AuthManager {
       }
       logger.info("Token retrieved successfully, testing Graph API access...");
       try {
-        const response = await fetch("https://graph.microsoft.com/v1.0/me", {
+        const secrets = await getSecrets();
+        const cloudEndpoints = getCloudEndpoints(secrets.cloudType);
+        const response = await fetch(`${cloudEndpoints.graphApi}/v1.0/me`, {
           headers: {
             Authorization: `Bearer ${token}`
           }

package/dist/cli.js

@@ -23,7 +23,7 @@ program.name("ms-365-mcp-server").description("Microsoft 365 MCP Server").versio
 ).option("--list-presets", "List all available presets and exit").option(
   "--org-mode",
   "Enable organization/work mode from start (includes Teams, SharePoint, etc.)"
-).option("--work-mode", "Alias for --org-mode").option("--force-work-scopes", "Backwards compatibility alias for --org-mode (deprecated)").option("--toon", "(experimental) Enable TOON output format for 30-60% token reduction").option("--discovery", "Enable runtime tool discovery and loading (experimental feature)");
+).option("--work-mode", "Alias for --org-mode").option("--force-work-scopes", "Backwards compatibility alias for --org-mode (deprecated)").option("--toon", "(experimental) Enable TOON output format for 30-60% token reduction").option("--discovery", "Enable runtime tool discovery and loading (experimental feature)").option("--cloud <type>", "Microsoft cloud environment: global (default) or china (21Vianet)");
 function parseArgs() {
   program.parse();
   const options = program.opts();
@@ -65,6 +65,9 @@ function parseArgs() {
   if (process.env.MS365_MCP_OUTPUT_FORMAT === "toon") {
     options.toon = true;
   }
+  if (options.cloud) {
+    process.env.MS365_MCP_CLOUD_TYPE = options.cloud;
+  }
   return options;
 }
 export {

package/dist/cloud-config.js

@@ -0,0 +1,49 @@
+const CLOUD_ENDPOINTS = {
+  global: {
+    authority: "https://login.microsoftonline.com",
+    graphApi: "https://graph.microsoft.com",
+    portal: "https://portal.azure.com"
+  },
+  china: {
+    authority: "https://login.chinacloudapi.cn",
+    graphApi: "https://microsoftgraph.chinacloudapi.cn",
+    portal: "https://portal.azure.cn"
+  }
+};
+const DEFAULT_CLIENT_IDS = {
+  global: "084a3e9f-a9f4-43f7-89f9-d229cf97853e",
+  china: "f3e61a6e-bc26-4281-8588-2c7359a02141"
+};
+function getDefaultClientId(cloudType = "global") {
+  return DEFAULT_CLIENT_IDS[cloudType];
+}
+function getCloudEndpoints(cloudType = "global") {
+  const endpoints = CLOUD_ENDPOINTS[cloudType];
+  if (!endpoints) {
+    throw new Error(
+      `Unknown cloud type: ${cloudType}. Valid values: ${Object.keys(CLOUD_ENDPOINTS).join(", ")}`
+    );
+  }
+  return endpoints;
+}
+function isValidCloudType(value) {
+  return value in CLOUD_ENDPOINTS;
+}
+function parseCloudType(value) {
+  if (!value) return "global";
+  const normalized = value.toLowerCase().trim();
+  if (!isValidCloudType(normalized)) {
+    throw new Error(
+      `Invalid cloud type: ${value}. Valid values: ${Object.keys(CLOUD_ENDPOINTS).join(", ")}`
+    );
+  }
+  return normalized;
+}
+export {
+  CLOUD_ENDPOINTS,
+  DEFAULT_CLIENT_IDS,
+  getCloudEndpoints,
+  getDefaultClientId,
+  isValidCloudType,
+  parseCloudType
+};

package/dist/generated/client.js

@@ -662,8 +662,8 @@ const microsoft_graph_driveItem = z.object({
   webUrl: z.string().describe(
     "URL that either displays the resource in the browser (for Office file formats), or is a direct link to the file (for other formats). Read-only."
   ).nullish(),
-  createdByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
-  lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
+  createdByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
+  lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
   audio: microsoft_graph_audio.optional(),
   bundle: microsoft_graph_bundle.optional(),
   cTag: z.string().describe(
@@ -1759,9 +1759,10 @@ const microsoft_graph_listItem = z.object({
   webUrl: z.string().describe(
     "URL that either displays the resource in the browser (for Office file formats), or is a direct link to the file (for other formats). Read-only."
   ).nullish(),
-  createdByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
-  lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
+  createdByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
+  lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
   contentType: microsoft_graph_contentTypeInfo.optional(),
+  deleted: microsoft_graph_deleted.optional(),
   sharepointIds: microsoft_graph_sharepointIds.optional(),
   analytics: microsoft_graph_itemAnalytics.optional(),
   documentSetVersions: z.array(microsoft_graph_documentSetVersion).describe("Version information for a document set version created by a user.").optional(),
@@ -1879,8 +1880,8 @@ const microsoft_graph_list = z.lazy(
     webUrl: z.string().describe(
       "URL that either displays the resource in the browser (for Office file formats), or is a direct link to the file (for other formats). Read-only."
     ).nullish(),
-    createdByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
-    lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
+    createdByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
+    lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
     displayName: z.string().describe("The displayable title of the list.").nullish(),
     list: microsoft_graph_listInfo.optional(),
     sharepointIds: microsoft_graph_sharepointIds.optional(),
@@ -1911,8 +1912,8 @@ const microsoft_graph_drive = z.lazy(
     webUrl: z.string().describe(
       "URL that either displays the resource in the browser (for Office file formats), or is a direct link to the file (for other formats). Read-only."
     ).nullish(),
-    createdByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
-    lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
+    createdByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
+    lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
     driveType: z.string().describe(
       "Describes the type of drive represented by this resource. OneDrive personal drives return personal. OneDrive for Business returns business. SharePoint document libraries return documentLibrary. Read-only."
     ).nullish(),
@@ -3166,8 +3167,8 @@ const microsoft_graph_baseItem = z.object({
   webUrl: z.string().describe(
     "URL that either displays the resource in the browser (for Office file formats), or is a direct link to the file (for other formats). Read-only."
   ).nullish(),
-  createdByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
-  lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional()
+  createdByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
+  lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional()
 }).strict();
 const microsoft_graph_site = z.object({
   id: z.string().describe("The unique identifier for an entity. Read-only.").optional(),
@@ -3188,8 +3189,8 @@ const microsoft_graph_site = z.object({
   webUrl: z.string().describe(
     "URL that either displays the resource in the browser (for Office file formats), or is a direct link to the file (for other formats). Read-only."
   ).nullish(),
-  createdByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
-  lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 133 properties to 25 most common ones]").optional(),
+  createdByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
+  lastModifiedByUser: microsoft_graph_user.describe("[Note: Simplified from 135 properties to 25 most common ones]").optional(),
   isPersonalSite: z.boolean().describe("Identifies whether the site is personal or not. Read-only.").nullish(),
   root: microsoft_graph_root.optional(),
   sharepointIds: microsoft_graph_sharepointIds.optional(),

package/dist/graph-client.js

@@ -1,6 +1,7 @@
 import logger from "./logger.js";
 import { refreshAccessToken } from "./lib/microsoft-auth.js";
 import { encode as toonEncode } from "@toon-format/toon";
+import { getCloudEndpoints } from "./cloud-config.js";
 class GraphClient {
   constructor(authManager, secrets, outputFormat = "json") {
     this.accessToken = null;
@@ -81,14 +82,21 @@ class GraphClient {
     } else {
       logger.info("GraphClient: Refreshing token with public client");
     }
-    const response = await refreshAccessToken(refreshToken, clientId, clientSecret, tenantId);
+    const response = await refreshAccessToken(
+      refreshToken,
+      clientId,
+      clientSecret,
+      tenantId,
+      this.secrets.cloudType
+    );
     this.accessToken = response.access_token;
     if (response.refresh_token) {
       this.refreshToken = response.refresh_token;
     }
   }
   async performRequest(endpoint, accessToken, options) {
-    const url = `https://graph.microsoft.com/v1.0${endpoint}`;
+    const cloudEndpoints = getCloudEndpoints(this.secrets.cloudType);
+    const url = `${cloudEndpoints.graphApi}/v1.0${endpoint}`;
     const headers = {
       Authorization: `Bearer ${accessToken}`,
       "Content-Type": "application/json",

package/dist/graph-tools.js

@@ -251,7 +251,10 @@ function registerGraphTools(server, graphClient, readOnly = false, enabledToolsP
         paramSchema,
         {
           title: tool.alias,
-          readOnlyHint: tool.method.toUpperCase() === "GET"
+          readOnlyHint: tool.method.toUpperCase() === "GET",
+          destructiveHint: ["POST", "PATCH", "DELETE"].includes(tool.method.toUpperCase()),
+          openWorldHint: true
+          // All tools call Microsoft Graph API
         },
         async (params) => executeGraphTool(tool, endpointConfig, graphClient, params)
       );
@@ -295,7 +298,9 @@ function registerDiscoveryTools(server, graphClient, readOnly = false, orgMode =
     },
     {
       title: "search-tools",
-      readOnlyHint: true
+      readOnlyHint: true,
+      openWorldHint: true
+      // Searches Microsoft Graph API tools
     },
     async ({ query, category, limit = 20 }) => {
       const maxLimit = Math.min(limit, 50);
@@ -348,7 +353,11 @@ function registerDiscoveryTools(server, graphClient, readOnly = false, orgMode =
     },
     {
       title: "execute-tool",
-      readOnlyHint: false
+      readOnlyHint: false,
+      destructiveHint: true,
+      // Can execute any tool, including write operations
+      openWorldHint: true
+      // Executes against Microsoft Graph API
     },
     async ({ tool_name, parameters = {} }) => {
       const toolData = toolsRegistry.get(tool_name);

package/dist/lib/microsoft-auth.js

@@ -1,4 +1,5 @@
 import logger from "../logger.js";
+import { getCloudEndpoints } from "../cloud-config.js";
 const microsoftBearerTokenAuthMiddleware = (req, res, next) => {
   const authHeader = req.headers.authorization;
   if (!authHeader || !authHeader.startsWith("Bearer ")) {
@@ -13,7 +14,8 @@ const microsoftBearerTokenAuthMiddleware = (req, res, next) => {
   };
   next();
 };
-async function exchangeCodeForToken(code, redirectUri, clientId, clientSecret, tenantId = "common", codeVerifier) {
+async function exchangeCodeForToken(code, redirectUri, clientId, clientSecret, tenantId = "common", codeVerifier, cloudType = "global") {
+  const cloudEndpoints = getCloudEndpoints(cloudType);
   const params = new URLSearchParams({
     grant_type: "authorization_code",
     code,
@@ -26,7 +28,7 @@ async function exchangeCodeForToken(code, redirectUri, clientId, clientSecret, t
   if (codeVerifier) {
     params.append("code_verifier", codeVerifier);
   }
-  const response = await fetch(`https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`, {
+  const response = await fetch(`${cloudEndpoints.authority}/${tenantId}/oauth2/v2.0/token`, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded"
@@ -40,7 +42,8 @@ async function exchangeCodeForToken(code, redirectUri, clientId, clientSecret, t
   }
   return response.json();
 }
-async function refreshAccessToken(refreshToken, clientId, clientSecret, tenantId = "common") {
+async function refreshAccessToken(refreshToken, clientId, clientSecret, tenantId = "common", cloudType = "global") {
+  const cloudEndpoints = getCloudEndpoints(cloudType);
   const params = new URLSearchParams({
     grant_type: "refresh_token",
     refresh_token: refreshToken,
@@ -49,7 +52,7 @@ async function refreshAccessToken(refreshToken, clientId, clientSecret, tenantId
   if (clientSecret) {
     params.append("client_secret", clientSecret);
   }
-  const response = await fetch(`https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`, {
+  const response = await fetch(`${cloudEndpoints.authority}/${tenantId}/oauth2/v2.0/token`, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded"

package/dist/oauth-provider.js

@@ -1,18 +1,20 @@
 import { ProxyOAuthServerProvider } from "@modelcontextprotocol/sdk/server/auth/providers/proxyProvider.js";
 import logger from "./logger.js";
+import { getCloudEndpoints } from "./cloud-config.js";
 class MicrosoftOAuthProvider extends ProxyOAuthServerProvider {
   constructor(authManager, secrets) {
     const tenantId = secrets.tenantId || "common";
     const clientId = secrets.clientId;
+    const cloudEndpoints = getCloudEndpoints(secrets.cloudType);
     super({
       endpoints: {
-        authorizationUrl: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize`,
-        tokenUrl: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
-        revocationUrl: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/logout`
+        authorizationUrl: `${cloudEndpoints.authority}/${tenantId}/oauth2/v2.0/authorize`,
+        tokenUrl: `${cloudEndpoints.authority}/${tenantId}/oauth2/v2.0/token`,
+        revocationUrl: `${cloudEndpoints.authority}/${tenantId}/oauth2/v2.0/logout`
       },
       verifyAccessToken: async (token) => {
         try {
-          const response = await fetch("https://graph.microsoft.com/v1.0/me", {
+          const response = await fetch(`${cloudEndpoints.graphApi}/v1.0/me`, {
             headers: {
               Authorization: `Bearer ${token}`
             }

package/dist/secrets.js

@@ -1,10 +1,12 @@
 import logger from "./logger.js";
+import { parseCloudType } from "./cloud-config.js";
 class EnvironmentSecretsProvider {
   async getSecrets() {
     return {
       clientId: process.env.MS365_MCP_CLIENT_ID || "",
       tenantId: process.env.MS365_MCP_TENANT_ID || "common",
-      clientSecret: process.env.MS365_MCP_CLIENT_SECRET
+      clientSecret: process.env.MS365_MCP_CLIENT_SECRET,
+      cloudType: parseCloudType(process.env.MS365_MCP_CLOUD_TYPE)
     };
   }
 }
@@ -18,11 +20,14 @@ class KeyVaultSecretsProvider {
     const credential = new DefaultAzureCredential();
     const client = new SecretClient(this.vaultUrl, credential);
     logger.info(`Fetching secrets from Key Vault: ${this.vaultUrl}`);
-    const [clientIdSecret, tenantIdSecret, clientSecretResult] = await Promise.all([
-      client.getSecret("ms365-mcp-client-id"),
-      client.getSecret("ms365-mcp-tenant-id").catch(() => null),
-      client.getSecret("ms365-mcp-client-secret").catch(() => null)
-    ]);
+    const [clientIdSecret, tenantIdSecret, clientSecretResult, cloudTypeResult] = await Promise.all(
+      [
+        client.getSecret("ms365-mcp-client-id"),
+        client.getSecret("ms365-mcp-tenant-id").catch(() => null),
+        client.getSecret("ms365-mcp-client-secret").catch(() => null),
+        client.getSecret("ms365-mcp-cloud-type").catch(() => null)
+      ]
+    );
     if (!clientIdSecret.value) {
       throw new Error("Required secret ms365-mcp-client-id not found in Key Vault");
     }
@@ -30,7 +35,8 @@ class KeyVaultSecretsProvider {
     return {
       clientId: clientIdSecret.value,
       tenantId: tenantIdSecret?.value || "common",
-      clientSecret: clientSecretResult?.value
+      clientSecret: clientSecretResult?.value,
+      cloudType: parseCloudType(cloudTypeResult?.value)
     };
   }
 }

package/dist/server.js

@@ -15,6 +15,7 @@ import {
   refreshAccessToken
 } from "./lib/microsoft-auth.js";
 import { getSecrets } from "./secrets.js";
+import { getCloudEndpoints } from "./cloud-config.js";
 function parseHttpOption(httpOption) {
   if (typeof httpOption === "boolean") {
     return { host: void 0, port: 3e3 };
@@ -134,8 +135,9 @@ class MicrosoftGraphServer {
         const url = new URL(req.url, `${req.protocol}://${req.get("host")}`);
         const tenantId = this.secrets?.tenantId || "common";
         const clientId = this.secrets.clientId;
+        const cloudEndpoints = getCloudEndpoints(this.secrets.cloudType);
         const microsoftAuthUrl = new URL(
-          `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize`
+          `${cloudEndpoints.authority}/${tenantId}/oauth2/v2.0/authorize`
         );
         const allowedParams = [
           "response_type",
@@ -201,7 +203,8 @@ class MicrosoftGraphServer {
               clientId,
               clientSecret,
               tenantId,
-              body.code_verifier
+              body.code_verifier,
+              this.secrets.cloudType
             );
             res.json(result);
           } else if (body.grant_type === "refresh_token") {
@@ -217,7 +220,8 @@ class MicrosoftGraphServer {
               body.refresh_token,
               clientId,
               clientSecret,
-              tenantId
+              tenantId,
+              this.secrets.cloudType
             );
             res.json(result);
           } else {

package/logs/mcp-server.log

@@ -1,5 +1,5 @@
-2025-12-23 08:30:22 INFO: Using environment variables for secrets
-2025-12-23 08:30:22 INFO: Using environment variables for secrets
-2025-12-23 08:30:22 INFO: Using environment variables for secrets
-2025-12-23 08:30:22 INFO: Using environment variables for secrets
-2025-12-23 08:30:22 INFO: Using environment variables for secrets
+2026-01-12 13:28:46 INFO: Using environment variables for secrets
+2026-01-12 13:28:46 INFO: Using environment variables for secrets
+2026-01-12 13:28:46 INFO: Using environment variables for secrets
+2026-01-12 13:28:46 INFO: Using environment variables for secrets
+2026-01-12 13:28:46 INFO: Using environment variables for secrets

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.28.3",
+  "version": "0.30.0",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",