Intune As A Service

Your Modern MCP Server for seamless Microsoft 365 & Azure Management via your AI Assistant.

Manage Azure infrastructure, devices, applications, users, mail, security, compliance, and more using natural language.

Powerful Features

Azure Infrastructure

  • VM Management (Create, Manage)
  • Storage Accounts & Containers
  • Virtual Networks & Subnets
  • Resource Group Management
  • Backup Vaults & Policies

Monitoring & Analytics

  • Resource Metrics Collection
  • Alert Rule Management
  • Cost Analysis & Optimization
  • Resource Health Monitoring
  • Performance Insights

Automation & Orchestration

  • Logic App Workflow Management
  • Automation Accounts & Runbooks
  • Scheduled Task Configuration
  • Event-Based Automation
  • Cross-Service Orchestration

Enhanced Intune Device Management

  • Multi-Platform Enrollment Config
  • Device Actions (Lock, Wipe, Sync, etc.)
  • Detailed Device Inventory
  • Windows Autopilot Profiles
  • Device Health Status

Enhanced Intune App Management

  • Multi-Type App Deployment
  • App Protection Policies
  • Installation Status Tracking
  • Apple VPP Token Config
  • App Assignment with Intent

Enhanced Policy Management

  • Policy Version Control & Rollback
  • Conflict Detection
  • Configuration Profile Management
  • Scheduled PowerShell Scripts
  • Windows Update Configuration
  • Compliance Policies

Enhanced Security Management

  • Security Baseline Management
  • Device Risk Score Assessment
  • Security Metrics & Analytics
  • Security Policy Configuration
  • Conditional Access Policies

Microsoft 365 Core

  • Users & Groups Management
  • Mail & Calendar Access (Read, Send)
  • Teams & SharePoint Integration
  • OneDrive Access

Microsoft Purview

  • Security Alerts & Incidents
  • Secure Scores & Risky Users
  • DLP & Sensitivity Labels
  • eDiscovery & Retention
  • Audit Logs
  • Communication Compliance

Enhanced Backup & Restore

  • Policy Backup (Intune, CA, Compliance, App Protection)
  • Include Assignments
  • Version Control & Rollback
  • Selective Restore Options
  • Backup All Policies

Enhanced Integration

  • Sync with MEM
  • Apple DEP/VPP Config
  • Android Enterprise Config
  • Cross-Platform Management

Enhanced Reporting

  • Comprehensive Device Reports
  • Detailed Device Analytics
  • Compliance Status Tracking
  • Policy Effectiveness Monitoring
  • Security & Health Reports

Maester Compliance Testing

  • Run Comprehensive Security Tests
  • Detailed HTML/Markdown Reports
  • Pass/Fail Status & Explanations
  • Remediation Steps Included
  • Test Policies, Configs, Rules

How It Works

This Model Context Protocol (MCP) server acts as a secure bridge between your AI Assistant and your Microsoft 365 & Azure environments.

By leveraging the Microsoft Graph API and Azure APIs, it allows the AI Assistant to understand and execute commands related to various M365 and Azure services, translating natural language requests into actionable administrative tasks.

Simply configure the server and provide your AI Assistant with the necessary connection details, and you can start managing your environment conversationally.

Setup Guide

Follow these steps to get the Intune As A Service MCP Server up and running.

1. Prerequisites

Ensure you have:

  • An Azure subscription
  • Azure Monitor enabled
  • An Azure Automation account
  • An Azure AD tenant with M365 subscriptions
  • An Azure AD App Registration
  • Appropriate API permissions granted (see README)

2. Configuration

Set up your environment:

  • Copy .env.example to .env.
  • Fill in Azure AD details (TENANT_ID, CLIENT_ID, CLIENT_SECRET).
  • Fill in Azure details (AZURE_SUBSCRIPTION_ID).
  • Optionally set AZURE_REGION, AZURE_RESOURCE_GROUP.

3. Build & Run

Build the server:

npm run build

Configure the MCP settings within your AI client using the provided JSON structure and point to the built server file (index.js).
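
A pre-flight check for the .env file from step 2, run before building and starting the server. This is an added example, not part of the project's code; the variable names come from the steps above, while the function names, the GUID format check and the placeholder patterns are assumptions.

```javascript
// Added example (not project code): pre-flight check for the .env file from step 2.
const REQUIRED = ['TENANT_ID', 'CLIENT_ID', 'CLIENT_SECRET', 'AZURE_SUBSCRIPTION_ID'];
// Assumption: these three are GUIDs, as Azure issues them.
const GUID_KEYS = ['TENANT_ID', 'CLIENT_ID', 'AZURE_SUBSCRIPTION_ID'];
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
// Assumption: typical template leftovers; adjust to match .env.example.
const PLACEHOLDER = /^(|your[-_ ].*|changeme|<.*>|x+)$/i;

// Parse KEY=VALUE lines: skip blanks and # comments, strip matching quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2');
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Return a list of problems. Values are never echoed, so the secret stays out of logs.
function checkEnv(text, mode) {
  const env = parseEnv(text);
  const problems = [];
  for (const key of REQUIRED) {
    if (!(key in env) || PLACEHOLDER.test(env[key])) problems.push(`${key}: missing or placeholder`);
    else if (GUID_KEYS.includes(key) && !GUID.test(env[key])) problems.push(`${key}: not a GUID`);
  }
  // CLIENT_SECRET is the app registration's credential: keep the file owner-only.
  if (mode !== undefined && (mode & 0o077) !== 0) problems.push('.env: accessible by group/other (chmod 600)');
  return problems;
}

// Check a real file (POSIX mode bits are not meaningful on Windows).
async function checkFile(path) {
  const fs = await import('node:fs');
  const mode = process.platform === 'win32' ? undefined : fs.statSync(path).mode;
  return checkEnv(fs.readFileSync(path, 'utf8'), mode);
}

// Usage: node check-env.js .env   (the script file name is hypothetical)
if (process.argv[2]) {
  checkFile(process.argv[2]).then((p) => { p.forEach((m) => console.error(m)); process.exitCode = p.length ? 1 : 0; });
}
```
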

Natural Language Examples Wiki

Examples of how you can ask your AI Assistant to manage your Microsoft environment:

Configure Windows enrollment restrictions to block personal devices.
Lock the device 'SERIAL12345'.
Retire the Intune record for the device belonging to 'ex.employee@example.com'.
Wipe the corporate data from device 'device-id'.
Reboot the Windows device 'COMPUTER-NAME'.
Reset the passcode for the iPhone with ID 'device-guid-here'.
Sync policies on device 'guid-here'.
Show me a detailed inventory of all corporate Windows devices, including their serial number and OS version.
Show me all Windows devices that haven't checked in for 30 days.
Create a Windows Autopilot profile named 'Standard User Profile' for Hybrid Azure AD Join.
Deploy Microsoft Edge (latest stable) from the Microsoft Store to all Windows devices.
Create a line-of-business app entry for our internal Android app 'inventory.apk'.
Deploy the 'SAP Client' Win32 app to the 'Finance Department' group.
Create a web link app named 'Internal HR Portal' pointing to 'https://hr.example.com'.
Configure an app protection policy for iOS devices to prevent copy/paste from managed apps to unmanaged apps.
Show me which devices failed to install the 'Visio Plan 2' app assignment.
Make the 'Microsoft To Do' app available (not required) for the 'Managers' group.
Make the 'Company Portal' app required for all enrolled Android devices.
Update our Apple VPP token information.
Create a new macOS configuration profile to enforce FileVault encryption.
Create a Windows configuration profile to disable USB storage.
Check the compliance status of the policy 'iOS Security Settings'.
Show me the different versions of the 'Windows Security Baseline' policy.
Roll back the 'Android Device Restrictions' profile to the previous version.
Are there any conflicts detected for compliance policies assigned to the 'Sales Users' group?
Duplicate the 'Standard Android Restrictions' profile.
Deploy a PowerShell script named 'Set-TimeZone.ps1' to run weekly on devices in the 'EU Devices' group.
Configure Windows Update deferral periods for quality updates to 7 days for the 'Main Ring' devices.
Apply the 'CIS Benchmark Level 2' security baseline to Windows servers.
List devices with a risk score higher than medium.
What's the overall security posture score for our enrolled devices?
Show me devices that failed to apply the 'Endpoint Security Firewall' policy.
Show me the trend of Antivirus definition compliance over the past 30 days.
Configure a Conditional Access policy requiring compliant devices for accessing SharePoint Online.
Create a Linux VM named 'backend-server-1' in 'westus2' using the 'Standard_B2s' size.
Make a new storage account called 'projectdatastorage' in the 'dev-rg' resource group with GRS replication.
Set up a virtual network named 'prod-vnet' with the address space 10.10.0.0/16.
List all resource groups in my subscription.
Configure a daily backup policy for VMs tagged with 'critical'.
Show me the properties of the VM 'db-server-01'.
Get the average network in/out for all VMs in 'prod-rg' over the last 24 hours.
Create an alert rule named 'High Memory Usage' for the App Service Plan 'my-asp' when memory percentage exceeds 85% for 15 minutes.
What was my Azure spending last month, broken down by service name?
Check the current health status for all resources in the 'staging-rg' resource group.
Analyze the performance of my SQL database 'product-db' and provide insights.
Create a Logic App that triggers when a file is uploaded to blob storage container 'uploads' and sends an email.
Define an Azure Automation PowerShell runbook named 'Stop-DevVMs' that stops all VMs tagged with 'environment=dev'.
Schedule the 'Stop-DevVMs' runbook to execute every weekday at 7 PM Pacific Time.
Set up an event grid subscription that triggers a function app when a resource group is deleted.
List all users located in the 'UK' office.
What groups is 'sara.davis@example.com' a member of?
Show me the license details for user 'admin-account'.
Get the members of the dynamic group 'All Full Time Employees'.
Find emails in my inbox from 'noreply@example.com' received yesterday.
Send an email to 'project-team@example.com' with subject 'Meeting Rescheduled' and body 'See updated invite'.
List my calendar events for tomorrow.
Show me the members of the 'Marketing Campaign Q2' Team.
Get the recent messages from the 'General' channel in the 'Product Development' Team.
Show me any critical security alerts generated today.
What is our current Secure Score?
List all users currently identified as high-risk.
Create a DLP policy for Teams chat to warn users when sharing PII.
Show me all files labeled 'Highly Confidential' in the 'Finance Team' SharePoint site.
Start an eDiscovery case for custodian 'legal.hold@example.com'.
Create a retention label named '7-Year Finance Records' that automatically applies to documents containing financial keywords.
Show me the directory audit logs for user creation events over the last week.
Backup all Intune device configuration profiles, including their assignments, to '/backup/intune/configs'.
Restore the Conditional Access policy named 'Block China Access' from the backup file 'ca_backup_20250325.json'.
Show me the available versions for the backed-up compliance policy 'PCI DSS Requirements'.
Perform a selective restore of only the 'iOS App Protection' policy, overwriting the existing one.
Configure the connection to our Apple Business Manager account using the new token file.
Set up Google Android Enterprise enrollment by connecting our managed Google Play account.
Check the synchronization status with Microsoft Endpoint Manager.
Generate a report of all Windows devices and their current OS version.
Show me a graph of device compliance trends over the last 90 days, grouped by OS.
Which configuration profiles have the lowest success rate?
Generate a detailed security report for devices in the 'Executive Management' group.
Run all security and compliance tests and save the report.
Run the compliance test for device compliance policies ('MT.1001').
List all available compliance tests.
Show me the results of the last compliance test run.

Want to automate your Microsoft ecosystem? Contact me at Kameron@dynamicendpoints.com