MCP Graph API Integration

A Model Context Protocol (MCP) implementation that integrates with Microsoft Graph API to provide AI-assisted access to Azure Active Directory/Entra ID resources.

Overview

This solution demonstrates how to build a Model Context Protocol (MCP) server that connects to Microsoft Graph API, allowing an AI assistant to query and interact with Azure Active Directory/Entra ID resources. The solution includes:

1. MCP.Server: A .NET Web API that implements the MCP protocol and connects to Microsoft Graph API
2. MCP.Client: A Blazor WebAssembly client for interacting with the MCP server
3. MCP.Shared: Shared models and contracts between the server and client

The solution enables users to chat with an AI assistant about their Azure AD resources, particularly application registrations, using natural language.

Architecture

┌─────────────┐     ┌────────────┐     ┌──────────────┐     ┌───────────────┐
│  MCP.Client │─────►  MCP.Server │─────► Azure OpenAI │     │  Microsoft    │
│  (Blazor)   │     │  (Web API)  │     │  Service     │     │  Graph API    │
└─────────────┘     └────────────┘     └──────────────┘     └───────────────┘
                          │                                        ▲
                          └────────────────────────────────────────┘

Features

• AI-powered chat interface for querying Azure AD resources
• MCP implementation that provides function calling capabilities to the AI model
• Integration with Microsoft Graph API to access Azure AD data
• Authentication and permission handling for secure access
• Testing tools to verify Graph API connectivity and permissions

Prerequisites

• .NET 9.0 SDK or newer
• Azure subscription with:
  • Azure OpenAI Service instance
  • Application registration in Azure AD with appropriate permissions
• Visual Studio 2022 or Visual Studio Code

Configuration

Server Configuration

The MCP Server requires configuration in appsettings.json:

1. Azure OpenAI Configuration:

   "AzureOpenAI": {
     "Endpoint": "https://your-endpoint.openai.azure.com/",
     "DeploymentName": "your-deployment-name",
     "ApiKey": "your-api-key"
   }
   

2. Azure AD Configuration:

   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
     "TenantId": "your-tenant-id",
     "ClientId": "your-client-id",
     "ClientSecret": "your-client-secret",
     "Scopes": ["User.Read", "Application.Read.All"]
   }
   

Required Azure AD Permissions

The application requires the following Microsoft Graph permissions:

• Application.Read.All

To grant these permissions:

1. Go to Azure Portal > App registrations > [Your App]
2. Select API permissions
3. Add Microsoft Graph > Application permissions > Application.Read.All
4. Click "Grant admin consent"

Getting Started

Building and Running the Solution

1. Clone the repository
2. Configure the appsettings.json files with your Azure OpenAI and Azure AD credentials
3. Open the solution in Visual Studio or VS Code
4. Build the solution: dotnet build
5. Run the server:

   cd MCP.Server
   dotnet run
   

6. Run the client:

   cd MCP.Client
   dotnet run
   

Testing the Application

1. Navigate to the client application (typically https://localhost:5001)
2. Click "Test Connection" to verify connectivity to the MCP server
3. Click "Test Graph API" to verify Graph API connectivity and permissions
4. Begin chatting with the AI assistant, asking about your Azure AD resources

If you encounter permission issues, refer to the GraphApiPermissionFix.md document.

Troubleshooting

Graph API Permissions

If the AI reports it doesn't have permissions to access certain resources, run the included PowerShell script to test your permissions:

.\TestGraphPermissions.ps1

This script will help diagnose permission issues and provide guidance on how to fix them.

Common Issues

1. API Key or Secret Expired: Ensure your Azure OpenAI API keys and Azure AD client secrets are valid
2. Missing Permissions: Confirm that admin consent has been granted for all required permissions
3. CORS Issues: If experiencing client connection problems, check CORS settings in the server's Program.cs

Development

Adding New Graph API Capabilities

To extend the application with additional Graph API capabilities:

1. Add new function declarations in McpGraphService.cs
2. Implement the corresponding Graph API calls
3. Register the functions in the InitializeFunctions method

MCP Protocol

This project implements the Model Context Protocol, which allows:

• Structured communication between client and AI services
• Function calling capabilities for the AI model
• Context management across conversation turns

License

MIT License