// How to authenticate with Microsoft Graph CLI (mgc) — login, logout, scopes, and auth strategies. Use this skill whenever the user needs to sign in to Microsoft 365, configure mgc authentication, manage Graph API scopes, or troubleshoot 401 Unauthorized errors with the mgc CLI.
Use this skill when the user asks to parse, perform multi-format document conversion or spatially extract text from an unstructured file (PDF, DOCX, PPTX, XLSX, images, etc.) locally without cloud dependencies.
How to read, create, update, and manage Outlook calendar events via the Microsoft Graph CLI (mgc). Use this skill whenever the user wants to work with their Microsoft 365 calendar — listing events, checking the week's schedule, creating meetings, accepting or declining invitations, finding available meeting times, or managing Teams online meetings.
How to read, search, filter, send, reply, forward, and manage Outlook email via the Microsoft Graph CLI (mgc). Use this skill whenever the user wants to work with email in Microsoft 365 / Outlook — searching messages, checking unread mail, sending emails, downloading attachments, managing folders, or handling the Focused Inbox.
How to upload, download, and manage files in SharePoint document libraries and OneDrive via the Microsoft Graph CLI (mgc). Use this skill whenever the user wants to upload files to SharePoint, download files, list folder contents, or navigate SharePoint drive structures.
| name | msgraphauth |
| description | How to authenticate with Microsoft Graph CLI (mgc) — login, logout, scopes, and auth strategies. Use this skill whenever the user needs to sign in to Microsoft 365, configure mgc authentication, manage Graph API scopes, or troubleshoot 401 Unauthorized errors with the mgc CLI. |
./mgc-cli/mgc
# Device-code login (default — opens browser flow)
mgc login
# Interactive browser
mgc login --strategy InteractiveBrowser
# App-only with client certificate
mgc login --strategy ClientCertificate --client-id <id> --tenant-id <tid>
# Login with specific scopes
mgc login --client-id <id> --tenant-id <tid> \
--scopes Mail.ReadWrite --scopes Mail.Send --scopes Calendars.ReadWrite
mgc logout
mgc me get
Use --user-id me in all commands to target the currently signed-in user.
| Operation | Scope |
|---|---|
| Read mail | Mail.Read |
| Send mail | Mail.Send |
| Read & write mail | Mail.ReadWrite |
| Read calendar | Calendars.Read |
| Read & write calendar | Calendars.ReadWrite |
| Read profile | User.Read |
| Read/write SharePoint files & drives | Sites.ReadWrite.All |
| Read OneDrive files | Files.Read |
| Read & write OneDrive files | Files.ReadWrite |
Important: SharePoint drive access (sites, document libraries) requires Sites.ReadWrite.All. Without it, mgc sites drive get returns 403 accessDenied even if the user owns the site.
# Login with SharePoint file access
./mgc-cli/mgc login --scopes Sites.ReadWrite.All --strategy InteractiveBrowser
Run -h on any subcommand to see the exact required permissions listed in its help output.
401 Unauthorized → missing scopes; run mgc logout then mgc login --scopes <needed-scope>mgc login--user-id me only works with delegated (user) auth — app-only auth requires an explicit user ID--debug to inspect the raw HTTP request/response