An AI assistant for your inbox, calendar, and tasks, that never sends a thing on its own.
Most people want the same things from an AI assistant at work: clear the inbox, prep the week, turn an email into a task. The hard part is trust. You do not want an agent firing off emails or blasting calendar invites on your behalf. The Rubi 365 MCP is built around exactly that concern. It is a safety-first interface to Microsoft 365 (Outlook Mail, Calendar, and Microsoft To Do) that lets Claude do the work and leaves the sending to you.
Like every Rubi connector, it is a Model Context Protocol (MCP) server: a gatekeeper that sits between the AI agent and the system and controls exactly what the agent can do. We explain that gatekeeper pattern in full in the Rubi Odoo MCP. Here the emphasis is a different guarantee: nothing irreversible happens without you.
What the 365 MCP can do.
The server covers the everyday Microsoft 365 work that eats your morning. Across mail, calendar, and tasks it can search and draft mail, manage calendar events, check availability across people, and turn an email into a task, plus more for filing, flagging, and organising. It also ships ready-made workflow prompts such as summarize_inbox, prepare_week, and email_to_task.
Email tools are drafts-only. Anything the agent writes saves to your Drafts folder, and the server never sends mail automatically. New calendar events are added to your calendar only and never blast invites to attendees. Deleting an event or task requires confirmation first. Every response includes the Outlook web link so you can review and send yourself.
It runs as you, and only as you.
The agent can never do more than you can. Each person signs in with their own Microsoft Entra ID identity, and the server acts on short-lived, delegated tokens that never exceed your own permissions. There are no stored long-lived credentials or API keys. The few secrets the server does need are held in Azure Key Vault and are never seen by the AI. Every call goes through the official Microsoft Graph API.
The agent prepares the work. You stay in control of what actually goes out.
Built to extend across Microsoft 365.
Mail, calendar, and tasks are where most teams start, but they are not the limit. Because the server is built on the Microsoft Graph API, the same governed, drafts-first pattern can extend to other Microsoft 365 resources such as OneDrive and SharePoint, and Teams, as your needs grow. An agent that can read the right document, file a draft, and update a task, all within the same identity and safety model, becomes genuinely useful without becoming risky.
Part of a family of connectors.
The 365 MCP shares its security model with the Rubi Odoo MCP and the Rubi Loom MCP. The same gatekeeper approach works for any system with an API, and we build these regularly.
Frequently asked questions.
No. Email tools only ever create drafts, and calendar events are added to your own calendar with no invites sent. You review everything in Outlook and send or invite yourself. That is enforced by the server, not left to the agent's discretion.
No long-lived credentials are stored. Sign-in uses Microsoft Entra ID, and the agent acts on delegated, short-lived tokens that never exceed your own permissions. The server's own secrets live in Azure Key Vault and are never exposed to the AI.
Yes, as a scoped extension. The server is built on Microsoft Graph, so OneDrive, SharePoint, and Teams resources can be added to the same governed, drafts-first model. We scope those additions per engagement.