@softeria/ms-365-mcp-server 0.85.0 → 0.85.1

package/dist/generated/client.js

@@ -567,10 +567,10 @@ const microsoft_graph_user = z.object({
   createdDateTime: z.string().regex(
     /^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$/
   ).datetime({ offset: true }).describe(
-    "The date and time the user was created, in ISO 8601 format and UTC. The value can't be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Microsoft Entra ID. Property is null for some users created before June 2018 and on-premises users that were synced to Microsoft Entra ID before June 2018. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in)."
+    "The date and time the user was created, in ISO 8601 format and UTC. The value can't be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Microsoft Entra ID. Property is null for some users created before June 2018 and on-premises users that were synced to Microsoft Entra ID before June 2018. Read-only. Requires $select to retrieve. Supports $filter (eq, ne, not , ge, le, in)."
   ).nullish(),
   state: z.string().describe(
-    "The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values)."
+    "The state or province in the user's address. Maximum length is 128 characters. Requires $select to retrieve. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values)."
   ).nullish(),
   userPrincipalName: z.string().describe(
     "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderby."
@@ -581,47 +581,47 @@ const microsoft_graph_user = z.object({
     "Date and time when this object was deleted. Always null when the object hasn't been deleted."
   ).nullish(),
   aboutMe: z.string().describe(
-    "A freeform text entry field for the user to describe themselves. Returned only on $select."
+    "A freeform text entry field for the user to describe themselves. Requires $select to retrieve."
   ).nullish(),
   accountEnabled: z.boolean().describe(
-    "true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in)."
+    "true if the account is enabled; otherwise, false. This property is required when a user is created. Requires $select to retrieve. Supports $filter (eq, ne, not, and in)."
   ).nullish(),
   ageGroup: z.string().describe(
-    "Sets the age group of the user. Allowed values: null, Minor, NotAdult, and Adult. For more information, see legal age group property definitions. Returned only on $select. Supports $filter (eq, ne, not, and in)."
+    "Sets the age group of the user. Allowed values: null, Minor, NotAdult, and Adult. For more information, see legal age group property definitions. Requires $select to retrieve. Supports $filter (eq, ne, not, and in)."
   ).nullish(),
   assignedLicenses: z.array(microsoft_graph_assignedLicense).describe(
-    "The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate between directly assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0)."
+    "The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate between directly assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly assigned and inherited licenses. Not nullable. Requires $select to retrieve. Supports $filter (eq, not, /$count eq 0, /$count ne 0)."
   ).optional(),
   assignedPlans: z.array(microsoft_graph_assignedPlan).describe(
-    "The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not)."
+    "The plans that are assigned to the user. Read-only. Not nullable. Requires $select to retrieve. Supports $filter (eq and not)."
   ).optional(),
   authorizationInfo: microsoft_graph_authorizationInfo.optional(),
   birthday: z.string().regex(
     /^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$/
   ).datetime({ offset: true }).describe(
-    "The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. Returned only on $select."
+    "The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. Requires $select to retrieve."
   ).optional(),
   businessPhones: z.array(z.string()).describe(
     "The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith)."
   ).optional(),
   city: z.string().describe(
-    "The city where the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values)."
+    "The city where the user is located. Maximum length is 128 characters. Requires $select to retrieve. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values)."
   ).nullish(),
   companyName: z.string().describe(
-    "The name of the company that the user is associated with. This property can be useful for describing the company that a guest comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values)."
+    "The name of the company that the user is associated with. This property can be useful for describing the company that a guest comes from. The maximum length is 64 characters.Requires $select to retrieve. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values)."
   ).nullish(),
   consentProvidedForMinor: z.string().describe(
-    "Sets whether consent was obtained for minors. Allowed values: null, Granted, Denied, and NotRequired. For more information, see legal age group property definitions. Returned only on $select. Supports $filter (eq, ne, not, and in)."
+    "Sets whether consent was obtained for minors. Allowed values: null, Granted, Denied, and NotRequired. For more information, see legal age group property definitions. Requires $select to retrieve. Supports $filter (eq, ne, not, and in)."
   ).nullish(),
   country: z.string().describe(
-    "The country or region where the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values)."
+    "The country or region where the user is located; for example, US or UK. Maximum length is 128 characters. Requires $select to retrieve. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values)."
   ).nullish(),
   creationType: z.string().describe(
-    "Indicates whether the user account was created through one of the following methods:  As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by a guest signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in)."
+    "Indicates whether the user account was created through one of the following methods:  As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by a guest signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Requires $select to retrieve. Supports $filter (eq, ne, not, in)."
   ).nullish(),
   customSecurityAttributes: microsoft_graph_customSecurityAttributeValue.optional(),
   department: z.string().describe(
-    "The name of the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values)."
+    "The name of the department in which the user works. Maximum length is 64 characters. Requires $select to retrieve. Supports $filter (eq, ne, not , ge, le, in, and eq on null values)."
   ).nullish(),
   deviceEnrollmentLimit: z.number().gte(-2147483648).lte(2147483647).describe(
     "The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000."
@@ -629,10 +629,10 @@ const microsoft_graph_user = z.object({
   employeeHireDate: z.string().regex(
     /^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$/
   ).datetime({ offset: true }).describe(
-    "The date and time when the user was hired or will start work in a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in)."
+    "The date and time when the user was hired or will start work in a future hire. Requires $select to retrieve. Supports $filter (eq, ne, not , ge, le, in)."
   ).nullish(),
   employeeId: z.string().describe(
-    "The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values)."
+    "The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Requires $select to retrieve. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values)."
   ).nullish(),
   employeeLeaveDateTime: z.string().regex(
     /^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$/
@@ -1382,16 +1382,16 @@ const microsoft_graph_group = z.object({
     "Date and time when this object was deleted. Always null when the object hasn't been deleted."
   ).nullish(),
   allowExternalSenders: z.boolean().describe(
-    "Indicates if people external to the organization can send messages to the group. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+    "Indicates if people external to the organization can send messages to the group. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
   ).nullish(),
   assignedLabels: z.array(microsoft_graph_assignedLabel).describe(
-    "The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select. This property can be updated only in delegated scenarios where the caller requires both the Microsoft Graph permission and a supported administrator role."
+    "The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Requires $select to retrieve. This property can be updated only in delegated scenarios where the caller requires both the Microsoft Graph permission and a supported administrator role."
   ).optional(),
   assignedLicenses: z.array(microsoft_graph_assignedLicense).describe(
-    "The licenses that are assigned to the group. Returned only on $select. Supports $filter (eq). Read-only."
+    "The licenses that are assigned to the group. Requires $select to retrieve. Supports $filter (eq). Read-only."
   ).optional(),
   autoSubscribeNewMembers: z.boolean().describe(
-    "Indicates if new members added to the group are autosubscribed to receive email notifications. You can set this property in a PATCH request for the group; don't set it in the initial POST request that creates the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+    "Indicates if new members added to the group are autosubscribed to receive email notifications. You can set this property in a PATCH request for the group; don't set it in the initial POST request that creates the group. Default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
   ).nullish(),
   classification: z.string().describe(
     "Describes a classification for the group (such as low, medium, or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith)."
@@ -1408,10 +1408,10 @@ const microsoft_graph_group = z.object({
     "Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq)."
   ).nullish(),
   hideFromAddressLists: z.boolean().describe(
-    "True if the group isn't displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+    "True if the group isn't displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
   ).nullish(),
   hideFromOutlookClients: z.boolean().describe(
-    "True if the group isn't displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+    "True if the group isn't displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
   ).nullish(),
   isArchived: z.boolean().describe(
     "When a group is associated with a team, this property determines whether the team is in read-only mode.To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs."
@@ -1420,10 +1420,10 @@ const microsoft_graph_group = z.object({
     "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license. Returned by default. Supports $filter (eq, ne, not)."
   ).nullish(),
   isManagementRestricted: z.boolean().describe(
-    "Indicates whether the group is a member of a restricted management administrative unit. If not set, the default value is null and the default behavior is false. Read-only.  To manage a group member of a restricted management administrative unit, the administrator or calling app must be assigned a Microsoft Entra role at the scope of the restricted management administrative unit. Returned only on $select."
+    "Indicates whether the group is a member of a restricted management administrative unit. If not set, the default value is null and the default behavior is false. Read-only.  To manage a group member of a restricted management administrative unit, the administrator or calling app must be assigned a Microsoft Entra role at the scope of the restricted management administrative unit. Requires $select to retrieve."
   ).nullish(),
   isSubscribedByMail: z.boolean().describe(
-    "Indicates whether the signed-in user is subscribed to receive email conversations. The default value is true. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+    "Indicates whether the signed-in user is subscribed to receive email conversations. The default value is true. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
   ).nullish(),
   licenseProcessingState: microsoft_graph_licenseProcessingState.optional(),
   mail: z.string().describe(
@@ -1519,7 +1519,7 @@ const microsoft_graph_post = z.lazy(
 );
 const microsoft_graph_conversationThread = z.object({
   id: z.string().describe("The unique identifier for an entity. Read-only.").optional(),
-  ccRecipients: z.array(microsoft_graph_recipient).describe("The Cc: recipients for the thread. Returned only on $select.").optional(),
+  ccRecipients: z.array(microsoft_graph_recipient).describe("The Cc: recipients for the thread. Requires $select to retrieve.").optional(),
   hasAttachments: z.boolean().describe(
     "Indicates whether any of the posts within this thread has at least one attachment. Returned by default."
   ).optional(),
@@ -1535,7 +1535,7 @@ const microsoft_graph_conversationThread = z.object({
   topic: z.string().describe(
     "The topic of the conversation. This property can be set when the conversation is created, but it cannot be updated. Returned by default."
   ).optional(),
-  toRecipients: z.array(microsoft_graph_recipient).describe("The To: recipients for the thread. Returned only on $select.").optional(),
+  toRecipients: z.array(microsoft_graph_recipient).describe("The To: recipients for the thread. Requires $select to retrieve.").optional(),
   uniqueSenders: z.array(z.string()).describe("All the users that sent a message to this thread. Returned by default.").optional(),
   posts: z.array(microsoft_graph_post).optional()
 }).passthrough();
@@ -2550,6 +2550,7 @@ const microsoft_graph_teamVisibilityType = z.enum([
   "hiddenMembership",
   "unknownFutureValue"
 ]);
+const microsoft_graph_channelLayoutType = z.enum(["post", "chat", "unknownFutureValue"]);
 const microsoft_graph_channelMembershipType = z.enum([
   "standard",
   "private",
@@ -2587,6 +2588,7 @@ const microsoft_graph_channel = z.lazy(
     isFavoriteByDefault: z.boolean().describe(
       "Indicates whether the channel should be marked as recommended for all members of the team to show in their channel list. Note: All recommended channels automatically show in the channels list for education and frontline worker users. The property can only be set programmatically via the Create team method. The default value is false."
     ).nullish(),
+    layoutType: microsoft_graph_channelLayoutType.optional(),
     membershipType: microsoft_graph_channelMembershipType.optional(),
     migrationMode: microsoft_graph_migrationMode.optional(),
     originalCreatedDateTime: z.string().regex(
@@ -2911,7 +2913,7 @@ const microsoft_graph_message = z.object({
   ).nullish(),
   inferenceClassification: microsoft_graph_inferenceClassificationType.optional(),
   internetMessageHeaders: z.array(microsoft_graph_internetMessageHeader).describe(
-    "A collection of message headers defined by RFC5322. The set includes message headers indicating the network path taken by a message from the sender to the recipient. It can also contain custom message headers that hold app data for the message.  Returned only on applying a $select query option. Read-only."
+    "A collection of message headers defined by RFC5322. The set includes message headers indicating the network path taken by a message from the sender to the recipient. It can also contain custom message headers that hold app data for the message.  Requires $select to retrieve. Read-only."
   ).optional(),
   internetMessageId: z.string().describe("The message ID in the format specified by RFC2822.").nullish(),
   isDeliveryReceiptRequested: z.boolean().describe("Indicates whether a read receipt is requested for the message.").nullish(),
@@ -4567,6 +4569,7 @@ const schemas = {
   microsoft_graph_teamSpecialization,
   microsoft_graph_teamSummary,
   microsoft_graph_teamVisibilityType,
+  microsoft_graph_channelLayoutType,
   microsoft_graph_channelMembershipType,
   microsoft_graph_channelSummary,
   microsoft_graph_sharedWithChannelTeamInfo,
@@ -5988,16 +5991,16 @@ You can search within a folder hierarchy, a whole drive, or files shared with th
             "Date and time when this object was deleted. Always null when the object hasn't been deleted."
           ).nullish(),
           allowExternalSenders: z.boolean().describe(
-            "Indicates if people external to the organization can send messages to the group. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "Indicates if people external to the organization can send messages to the group. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           assignedLabels: z.array(microsoft_graph_assignedLabel).describe(
-            "The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select. This property can be updated only in delegated scenarios where the caller requires both the Microsoft Graph permission and a supported administrator role."
+            "The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Requires $select to retrieve. This property can be updated only in delegated scenarios where the caller requires both the Microsoft Graph permission and a supported administrator role."
           ).optional(),
           assignedLicenses: z.array(microsoft_graph_assignedLicense).describe(
-            "The licenses that are assigned to the group. Returned only on $select. Supports $filter (eq). Read-only."
+            "The licenses that are assigned to the group. Requires $select to retrieve. Supports $filter (eq). Read-only."
           ).optional(),
           autoSubscribeNewMembers: z.boolean().describe(
-            "Indicates if new members added to the group are autosubscribed to receive email notifications. You can set this property in a PATCH request for the group; don't set it in the initial POST request that creates the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "Indicates if new members added to the group are autosubscribed to receive email notifications. You can set this property in a PATCH request for the group; don't set it in the initial POST request that creates the group. Default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           classification: z.string().describe(
             "Describes a classification for the group (such as low, medium, or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith)."
@@ -6014,10 +6017,10 @@ You can search within a folder hierarchy, a whole drive, or files shared with th
             "Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq)."
           ).nullish(),
           hideFromAddressLists: z.boolean().describe(
-            "True if the group isn't displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "True if the group isn't displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           hideFromOutlookClients: z.boolean().describe(
-            "True if the group isn't displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "True if the group isn't displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           isArchived: z.boolean().describe(
             "When a group is associated with a team, this property determines whether the team is in read-only mode.To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs."
@@ -6026,10 +6029,10 @@ You can search within a folder hierarchy, a whole drive, or files shared with th
             "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license. Returned by default. Supports $filter (eq, ne, not)."
           ).nullish(),
           isManagementRestricted: z.boolean().describe(
-            "Indicates whether the group is a member of a restricted management administrative unit. If not set, the default value is null and the default behavior is false. Read-only.  To manage a group member of a restricted management administrative unit, the administrator or calling app must be assigned a Microsoft Entra role at the scope of the restricted management administrative unit. Returned only on $select."
+            "Indicates whether the group is a member of a restricted management administrative unit. If not set, the default value is null and the default behavior is false. Read-only.  To manage a group member of a restricted management administrative unit, the administrator or calling app must be assigned a Microsoft Entra role at the scope of the restricted management administrative unit. Requires $select to retrieve."
           ).nullish(),
           isSubscribedByMail: z.boolean().describe(
-            "Indicates whether the signed-in user is subscribed to receive email conversations. The default value is true. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "Indicates whether the signed-in user is subscribed to receive email conversations. The default value is true. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           licenseProcessingState: microsoft_graph_licenseProcessingState.optional(),
           mail: z.string().describe(
@@ -6103,16 +6106,16 @@ You can create or update the following types of group: By default, this operatio
             "Date and time when this object was deleted. Always null when the object hasn't been deleted."
           ).nullish(),
           allowExternalSenders: z.boolean().describe(
-            "Indicates if people external to the organization can send messages to the group. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "Indicates if people external to the organization can send messages to the group. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           assignedLabels: z.array(microsoft_graph_assignedLabel).describe(
-            "The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select. This property can be updated only in delegated scenarios where the caller requires both the Microsoft Graph permission and a supported administrator role."
+            "The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Requires $select to retrieve. This property can be updated only in delegated scenarios where the caller requires both the Microsoft Graph permission and a supported administrator role."
           ).optional(),
           assignedLicenses: z.array(microsoft_graph_assignedLicense).describe(
-            "The licenses that are assigned to the group. Returned only on $select. Supports $filter (eq). Read-only."
+            "The licenses that are assigned to the group. Requires $select to retrieve. Supports $filter (eq). Read-only."
           ).optional(),
           autoSubscribeNewMembers: z.boolean().describe(
-            "Indicates if new members added to the group are autosubscribed to receive email notifications. You can set this property in a PATCH request for the group; don't set it in the initial POST request that creates the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "Indicates if new members added to the group are autosubscribed to receive email notifications. You can set this property in a PATCH request for the group; don't set it in the initial POST request that creates the group. Default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           classification: z.string().describe(
             "Describes a classification for the group (such as low, medium, or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith)."
@@ -6129,10 +6132,10 @@ You can create or update the following types of group: By default, this operatio
             "Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq)."
           ).nullish(),
           hideFromAddressLists: z.boolean().describe(
-            "True if the group isn't displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "True if the group isn't displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           hideFromOutlookClients: z.boolean().describe(
-            "True if the group isn't displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. The default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "True if the group isn't displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. The default value is false. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           isArchived: z.boolean().describe(
             "When a group is associated with a team, this property determines whether the team is in read-only mode.To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs."
@@ -6141,10 +6144,10 @@ You can create or update the following types of group: By default, this operatio
             "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license. Returned by default. Supports $filter (eq, ne, not)."
           ).nullish(),
           isManagementRestricted: z.boolean().describe(
-            "Indicates whether the group is a member of a restricted management administrative unit. If not set, the default value is null and the default behavior is false. Read-only.  To manage a group member of a restricted management administrative unit, the administrator or calling app must be assigned a Microsoft Entra role at the scope of the restricted management administrative unit. Returned only on $select."
+            "Indicates whether the group is a member of a restricted management administrative unit. If not set, the default value is null and the default behavior is false. Read-only.  To manage a group member of a restricted management administrative unit, the administrator or calling app must be assigned a Microsoft Entra role at the scope of the restricted management administrative unit. Requires $select to retrieve."
           ).nullish(),
           isSubscribedByMail: z.boolean().describe(
-            "Indicates whether the signed-in user is subscribed to receive email conversations. The default value is true. Returned only on $select. Supported only on the Get group API (GET /groups/{ID})."
+            "Indicates whether the signed-in user is subscribed to receive email conversations. The default value is true. Requires $select to retrieve. Supported only on the Get group API (GET /groups/{ID})."
           ).nullish(),
           licenseProcessingState: microsoft_graph_licenseProcessingState.optional(),
           mail: z.string().describe(
@@ -8519,7 +8522,7 @@ folder collection and navigate to another folder. By default, this operation doe
           ).nullish(),
           inferenceClassification: microsoft_graph_inferenceClassificationType.optional(),
           internetMessageHeaders: z.array(microsoft_graph_internetMessageHeader).describe(
-            "A collection of message headers defined by RFC5322. The set includes message headers indicating the network path taken by a message from the sender to the recipient. It can also contain custom message headers that hold app data for the message.  Returned only on applying a $select query option. Read-only."
+            "A collection of message headers defined by RFC5322. The set includes message headers indicating the network path taken by a message from the sender to the recipient. It can also contain custom message headers that hold app data for the message.  Requires $select to retrieve. Read-only."
           ).optional(),
           internetMessageId: z.string().describe("The message ID in the format specified by RFC2822.").nullish(),
           isDeliveryReceiptRequested: z.boolean().describe("Indicates whether a read receipt is requested for the message.").nullish(),
@@ -8601,7 +8604,7 @@ folder collection and navigate to another folder. By default, this operation doe
           ).nullish(),
           inferenceClassification: microsoft_graph_inferenceClassificationType.optional(),
           internetMessageHeaders: z.array(microsoft_graph_internetMessageHeader).describe(
-            "A collection of message headers defined by RFC5322. The set includes message headers indicating the network path taken by a message from the sender to the recipient. It can also contain custom message headers that hold app data for the message.  Returned only on applying a $select query option. Read-only."
+            "A collection of message headers defined by RFC5322. The set includes message headers indicating the network path taken by a message from the sender to the recipient. It can also contain custom message headers that hold app data for the message.  Requires $select to retrieve. Read-only."
           ).optional(),
           internetMessageId: z.string().describe("The message ID in the format specified by RFC2822.").nullish(),
           isDeliveryReceiptRequested: z.boolean().describe("Indicates whether a read receipt is requested for the message.").nullish(),

package/dist/lib/microsoft-auth.js

@@ -54,11 +54,17 @@ async function exchangeCodeForToken(code, redirectUri, clientId, clientSecret, t
   if (codeVerifier) {
     params.append("code_verifier", codeVerifier);
   }
+  const headers = {
+    "Content-Type": "application/x-www-form-urlencoded"
+  };
+  try {
+    const redirectUrl = new URL(redirectUri);
+    headers["Origin"] = redirectUrl.origin;
+  } catch {
+  }
   const response = await fetch(`${cloudEndpoints.authority}/${tenantId}/oauth2/v2.0/token`, {
     method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
+    headers,
     body: params
   });
   if (!response.ok) {
@@ -68,7 +74,7 @@ async function exchangeCodeForToken(code, redirectUri, clientId, clientSecret, t
   }
   return response.json();
 }
-async function refreshAccessToken(refreshToken, clientId, clientSecret, tenantId = "common", cloudType = "global") {
+async function refreshAccessToken(refreshToken, clientId, clientSecret, tenantId = "common", cloudType = "global", origin) {
   const cloudEndpoints = getCloudEndpoints(cloudType);
   const params = new URLSearchParams({
     grant_type: "refresh_token",
@@ -78,11 +84,15 @@ async function refreshAccessToken(refreshToken, clientId, clientSecret, tenantId
   if (clientSecret) {
     params.append("client_secret", clientSecret);
   }
+  const headers = {
+    "Content-Type": "application/x-www-form-urlencoded"
+  };
+  if (origin) {
+    headers["Origin"] = origin;
+  }
   const response = await fetch(`${cloudEndpoints.authority}/${tenantId}/oauth2/v2.0/token`, {
     method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
+    headers,
     body: params
   });
   if (!response.ok) {

package/dist/server.js

@@ -266,7 +266,17 @@ class MicrosoftGraphServer {
         }
         microsoftAuthUrl.searchParams.set("client_id", clientId);
         if (!microsoftAuthUrl.searchParams.get("scope")) {
-          microsoftAuthUrl.searchParams.set("scope", "User.Read Files.Read Mail.Read");
+          microsoftAuthUrl.searchParams.set(
+            "scope",
+            "User.Read Files.Read Mail.Read offline_access"
+          );
+        } else {
+          const scopeValue = microsoftAuthUrl.searchParams.get("scope");
+          const scopeList = scopeValue.split(/\s+/).filter(Boolean);
+          if (!scopeList.includes("offline_access")) {
+            scopeList.push("offline_access");
+            microsoftAuthUrl.searchParams.set("scope", scopeList.join(" "));
+          }
         }
         res.redirect(microsoftAuthUrl.toString());
       });
@@ -341,12 +351,14 @@ class MicrosoftGraphServer {
             } else {
               logger.info("Refresh endpoint: Using public client without client_secret");
             }
+            const origin = req.get("origin") || req.get("referer") || void 0;
             const result = await refreshAccessToken(
               body.refresh_token,
               clientId,
               clientSecret,
               tenantId,
-              this.secrets.cloudType
+              this.secrets.cloudType,
+              origin
             );
             res.json(result);
           } else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.85.0",
+  "version": "0.85.1",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",