Ever wished you could manage your Microsoft 365 tenant without juggling endless PowerShell scripts? Enter Lokka, your AI-powered sidekick that connects directly to Microsoft Graph and Azure APIs, so you can simply ask what you want.
Table of Contents
What Is Lokka (and What’s MCP)?
Lokka is a Model Context Protocol (MCP) server that acts as a translator between AI models (like ChatGPT or GitHub Copilot Agent) and your Microsoft 365 or Azure tenant.
The Lokka documentation includes a helpful diagram illustrating the overall flow.
Think of MCP as a USB-C port for AI tools, a universal interface that lets you securely connect an AI model to your Microsoft environment. Lokka bridges the gap so you can say things like:
“List all users without licenses.”
“Add Alex to the Network Admins group.”
“Show OneDrive accounts over 90% full.”
Instead of writing and debugging a PowerShell script, Lokka interprets your plain-English query and executes it via the Microsoft Graph and Azure Resource Manager APIs.
Setting Up Lokka
Lokka works as an MCP server that you connect through VS Code with the GitHub Copilot Agent. Here’s how to get it running.
Pre-requisites
- Visual Studio Code (latest version)
- GitHub Copilot Chat extension
- Node.js installed (
npxmust be available) - Global admin or app registration permissions in Microsoft Entra
Step 1: Create a Microsoft Entra App
Before Lokka can talk to your tenant, it needs a Microsoft Entra (Azure AD) app for authentication.
- Go to Microsoft Entra admin center → App registrations → New registration
- Name it something like
Lokka-Agent - Once created, note the Application (client) ID and Directory (tenant) ID
Add API Permissions
I enabled the following permissions. yes, it’s quite a list, but this is a test tenant after all. I wanted to push Lokka’s limits and see what it’s truly capable of. I recommend doing the same: experiment safely in a test environment first.
Once added, click Grant admin consent to approve them for the tenant.
Create a Client Secret
While certificate-based authentication is the best practice for Entra app registrations, I’m keeping it simple and using a client secret for this test setup.
Under Certificates & secrets, create a new client secret, copy the value now; you won’t see it again.
You’ll use these three values in Lokka’s config file:
{
"clientId": "YOUR_CLIENT_ID",
"clientSecret": "YOUR_CLIENT_SECRET",
"tenantId": "YOUR_TENANT_ID"
}
Step 2: Install Lokka in VS Code
You can install Lokka two ways: one-click or manual.
Option 1: One-Click Install
- Start VS Code and then click the button below to install Lokka in VS Code.
- If your browser prompts you to open VS Code, click Open.
- In the VS Code Lokka-Microsoft install page
- Click Install.
- Click the widget icon next to the button and select Start Server.
- This will open a browser window and prompt you to sign into your Microsoft tenant.
Option 2: Manual Install
After the one-click install method gave me some trouble, I went ahead and followed the manual setup steps instead.
- Open Command Palette →
Ctrl + Shift + P - Search for MCP: Add Server…
- Select Command (stdio)
- Enter the following command:
npx -y @merill/lokka - Name it
Lokka-Microsoftand choose Global install - Save the generated JSON file with tenant id, Client id and client secret.
Step 3: Start and Configure the MCP Server
You can manually start Lokka anytime:
- Open Command Palette →
MCP: List Servers - Select
Lokka-Microsoft→ Start Server - A browser window will appear again to confirm sign-in
Once started, Lokka is ready to interpret your natural language requests.
Step 4: Using Lokka in Action
- Start a new instance of VS Code (File > New Window)
- Open Chat from View → Chat
- At the bottom of the Chat panel (below the chat box)
- Select Agent (if it is showing Ask or Edit)
- Select Claude Sonnet 4 or above (if it is showing GPT-40)
- Now you can start querying your Microsoft tenant using the Lokka agent tool.
Now for the fun part, try these commands inside VS Code’s Copilot chat:
Get all groups without owners
List users who haven’t signed in for 30 days
Show all unlicensed Microsoft 365 users
Add "Alex Johnson" to "Finance Team" group
Change job title of "Taylor Smith" to "Senior Engineer"
List users with mailbox forwarding enabled
List OneDrive accounts over 90% full
How many unused M365 licenses do we have?Some of the prompts I tried,
No PowerShell scripting, no loops, no parsing JSON, just straightforward queries. Lokka translates them into Graph API calls behind the scenes.
Security Considerations
While Lokka is powerful, it’s only as safe as the permissions you grant. A few tips:
- Start with read-only access — test and observe results first
- Use a dedicated service account instead of your personal admin login
- Rotate client secrets regularly and store them securely (e.g., Azure Key Vault)
- Audit logs — monitor Graph API usage through Entra sign-in logs
- Limit write permissions to specific tasks if you plan to use Lokka for automation
Why Lokka Beats Traditional Scripting
Let’s be honest: PowerShell is awesome but writing, debugging, and maintaining scripts takes time. Lokka lets admins ask, not script.
- Faster insights without memorizing cmdlets
- Easier collaboration, anyone can understand the query
- Reduced context-switching between portals and terminals
- Works naturally with GitHub Copilot and other MCP-enabled AI tools
In short: Lokka supercharges your admin toolkit, bridging natural language, AI, and your Microsoft tenant.
The Bottom Line
Lokka isn’t replacing PowerShell; it’s extending it into the AI era. Whether you’re managing licenses, auditing groups, or checking mailbox configurations, Lokka gives you conversational control of your environment, safely, efficiently, and intelligently.
Thank you for stopping by. ✌️