Claude Microsoft 365 connector compliance FAQ

Microsoft says delegated access means the app acts on behalf of the signed-in user, and Anthropic says the connector uses delegated permissions for Microsoft 365 access. The connector cannot exceed the combination of the granted scopes and the user’s own access to data.

Anthropic says users can only access Microsoft 365 data they already have permission to see. The security guide also says users cannot bypass SharePoint sharing settings or access other users’ private files or emails.

No. Anthropic says the connector requires a Microsoft 365 account tied to a Microsoft Entra tenant and that personal Microsoft accounts such as Outlook.com or Hotmail cannot be used to authenticate.

No. Anthropic documents the current connector as read-only and says it cannot send emails, schedule meetings, create or modify documents, or post Teams messages.

Anthropic says the connector operates as a secure proxy, retrieves content on demand during active queries, and does not cache file content. The security guide also says the MCP server does not store or manage Microsoft credentials.

Yes. Anthropic says the connector supports existing Entra policies such as MFA, device compliance, IP restrictions, and group-based access, and that delegated permissions respect Microsoft 365 DLP policies.

Anthropic says all Graph API calls made by the connector are logged in your organization’s Microsoft 365 audit log and that Anthropic also logs authentication and tool execution events.

Microsoft says people searching the audit log need the Audit Logs or View-Only Audit Logs role in Microsoft Purview. Exchange admin tooling can also be required for cmdlet-based search workflows.

Microsoft says audit records for core services such as Exchange, SharePoint, OneDrive, and Teams are typically available after 60 to 90 minutes, but Microsoft does not guarantee a specific time after the event occurs.

Anthropic documents several revocation paths: individual users can disconnect the connector, Team and Enterprise owners can disable it for the organization, and Microsoft Entra admins can revoke specific scopes or all tenant access.

Yes. Anthropic says you can revoke specific capabilities in Microsoft Entra. Their examples include revoking Sites.Read.All for SharePoint, Mail.Read for Outlook, Chat.Read for Teams chat, and Files.Read or Files.Read.All for OneDrive file access.

Yes. Anthropic recommends using Microsoft Entra enterprise app assignment to restrict the connector to specific users or groups, then expanding the pilot progressively.

Not from one page alone. On April 11, 2026, Anthropic's docs page said Team and Enterprise plan users only, while the enable guide and security guide both said the connector was available on all Claude plans. Verify the current wording before publishing internal guidance.

Yes on Team and Enterprise. Anthropic says organization owners must enable the connector in Claude before team members can connect, and a Microsoft Entra Global Administrator must still complete the one-time consent process for the tenant.

Anthropic says read-only means the connector cannot send email, schedule meetings, create or modify documents, or post Teams messages. Anthropic also says user-level access is supported, while service-principal authentication is not.