GuidesAPI referenceLatest updatesSlack Community
Latest updates
Start typing to search…
Back to All
Added

Configurable OAuth Scopes for Microsoft MCP Tools

March 30th, 2026

🎯 What is it?

Admins can now customize which permissions (OAuth scopes) are requested when installing Microsoft MCP tools. When setting up tools like Outlook Mail, Outlook Calendar, Microsoft Drive, Excel, or Teams, you can uncheck optional permissions such as write access, shared mailboxes, or contacts access. Once configured, these restrictions apply automatically to all user connections in your workspace.

💡 Why is it useful?

Many enterprise organizations have strict Azure AD policies that require minimizing permission requests. Previously, MCP tools requested all possible scopes by default, which could trigger lengthy admin consent processes or even block installation entirely. This feature gives you granular control over the permission surface, making it easier to align Dust with your organization's security policies and get approvals faster.

How does it work?

During the MCP tool installation flow, admins will see a list of available OAuth scopes with checkboxes. Simply uncheck any optional permissions your organization doesn't need. Dust will only request the scopes you've selected, and all users in your workspace will inherit these restrictions when they connect their personal Microsoft accounts to the agent.

Concrete Use Cases

Here's how you could use it:

Read-only access: Your security team only wants agents to read emails and calendar events, not send or modify them. Uncheck write permissions during Outlook Mail and Calendar installation.

No shared mailbox access: Your organization doesn't use shared mailboxes and your IT policy forbids requesting that permission. Uncheck the shared mailbox scope when installing Outlook Mail to avoid unnecessary admin consent blockers.

📈 Benefits for you

  • Faster deployment: Reduce admin consent friction by requesting only the minimum required permissions

  • Better security posture: Minimize the permission surface and align with your zero-trust policies

  • Greater control: Tailor each tool's access level to match your organization's specific needs

🚀 How to access it?

This feature is automatically available when installing or reconfiguring Microsoft MCP tools (Outlook Mail, Outlook Calendar, Microsoft Drive, Excel, Teams). Workspace admins will see the configurable scopes during the installation flow. If you need this capability for other MCP tools, reach out to your Customer Success Manager.