OneDrive MCP server

The OneDrive MCP server enables LLMs to work with files and folders stored in Microsoft OneDrive for Business through natural conversation. It provides tools to discover files, retrieve metadata and content, organize folders, manage sharing and access, and handle the lifecycle of OneDrive artifacts without requiring direct interaction with the OneDrive interface.

NOT COMPATIBLE WITH POWERPOINT OR WORD

The OneDrive MCP server doesn't support actions for Microsoft PowerPoint or Microsoft Word.

Uses

Use the OneDrive MCP server to perform the following actions:

• Search for files and folders using name keywords, file type, owner, or time filters
• List contents of specific folders with pagination support
• Get metadata and permission information for files and folders
• Retrieve readable text content from files
• Create new folders and organize folder structures
• Copy files to create duplicates or templates
• Upload and save files to OneDrive
• Move files and folders to different locations
• Rename files and folders
• Delete files and folders
• Review sharing and access permissions
• Share files and folders with specific users or groups
• Modify or remove existing permissions

Example prompts

You can use the following prompts to invoke OneDrive MCP server tools:

• Find all PowerPoint presentations modified in the last week.
• List what's in my Project Alpha folder.
• Get the metadata for this quarterly report file.
• Read the contents of the meeting notes document.
• Create a new folder called Q1 2026 Reports.
• Copy the proposal template to my current project folder.
• Save this document to my OneDrive.
• Move these files to the Archive folder.
• Rename this file to include the date.
• Who has access to the budget spreadsheet?
• Share the project plan with Jade and give her edit access.
• Change Alex to read-only access on this document.

OneDrive MCP server tools

The OneDrive MCP server provides the following tools:

Tool	Description
find_files	Searches for files and folders in OneDrive using name keywords, file type, owner, time filters, and optional content search.
list_folder_items	Lists the immediate contents of a OneDrive folder you specify with pagination support.
get_file_metadata	Returns metadata and permission information for a OneDrive file or folder by its unique ID.
get_file_content	Retrieves readable text content from a OneDrive file you specify.
create_folder	Creates a new folder in OneDrive at a parent location you specify.
copy_file	Creates a copy of an existing OneDrive file, optionally with a new name and destination folder.
create_upload_session	Initiates an upload session for storing an externally produced file artifact in OneDrive.
finalize_upload	Completes a previously initiated upload session and returns the resulting OneDrive file details.
move_item	Moves a file or folder to a different folder within OneDrive.
rename_item	Renames a file or folder in OneDrive.
delete_item	Deletes a file or folder, moving it to the OneDrive recycle bin.
get_permissions	Retrieves the current sharing and access information for a OneDrive file or folder you specify.
share_item	Grants access to a OneDrive file or folder you specify for one or more users or groups.
modify_permission	Updates the access role for an existing permission entry or removes an existing permission entry entirely.

Install the OneDrive MCP server

Complete the following steps to install a prebuilt MCP server to your project:

1

Sign in to your Workato account.

2

Go to AI Hub > MCP servers.

3

Click + Create MCP server.

4

Go to the Start with pre-built MCP Servers using your connected apps section and select the prebuilt MCP server you plan to use.

5

Click Use this server.

6

Provide a name for your MCP server in the Server name field.

7

Use the Location drop-down menu to select the project for the MCP server.

8

Go to the Connections section and connect to your app account.

9

Select the connection type you plan to use for the MCP server template.

• User's connection: MCP server tools perform actions based on the identity and permissions of the user who connects to the application. Users authenticate with their own credentials to execute the skill.
• Your connection: This option uses the connection established by the recipe builder and follows the same principles as normal app connections.

Select your connection type

VERIFIED USER ACCESS AUTHENTICATION REQUIREMENTS

Only app connections that use OAuth 2.0 authorization code grant are available for user's connection. Refer to Verified user access for more information.

10

Complete the app-specific connection setup steps in the following section.

OneDrive connection setup

View OneDrive connection setup steps

Workato supports the following types of connections to OneDrive:

• Authorization code grant authentication (OAuth 2.0)
• Client credentials-based authentication (OAuth 2.0)

MICROSOFT MFA ENFORCEMENT

Microsoft is rolling out mandatory multi-factor authentication (MFA) (opens new window) gradually to different applications and accounts in phases. This enforcement will continue throughout 2025 and beyond.

We strongly recommend enabling MFA now for all Microsoft accounts used with Workato to avoid service disruptions from short-notice enforcement changes.

Complete the following steps to maintain uninterrupted service:

1

Enable MFA for your Microsoft organization following Microsoft's MFA setup guide (opens new window).

2

Reconnect your Microsoft connection in Workato.

3

Complete the OAuth flow with MFA when prompted.

4

Test your recipes to ensure they work with the updated connection.

Authorization code grant authentication (OAuth 2.0)

View Authorization code grant authentication steps

Authorization code grant authentication consists of the following steps:

• Register the Workato App in Azure portal
• Complete setup in Workato

This authentication method requires the following value for tenant-specific account types:

• Tenant ID/Domain

Register the Workato App in Azure portal

View Register the Workato App in Azure portal steps

Complete the following steps to register the Workato app and assign it permissions for authorization code grant connections:

1

Register the Workato app in the Azure Portal

1

Sign in to the Azure portal (opens new window).

2

Select App registrations > + New registration, under Azure services.

3

Enter a unique name for the application and select a Supported account type.

4

Select Web from the Select a platform drop-down menu.

5

Use the following URI for the Redirect URI:

https://www.workato.com/oauth/callback

6

Select Register.

Register an app

2

Assign permissions to your app

1

Select Manage > API permissions in the navigation sidebar.

2

Click + Add a permission and select Microsoft Graph APIs.

3

Add the required permissions as outlined in the Permissions required to connect section. Depending on your connection type, you must assign Application or Delegated permissions.

Add permissions

4

Click Add permissions. If specific permissions require admin consent, refer to the Granting admin consent (opens new window) section for guidance.

3

Obtain the Directory (tenant ID) from the Azure portal

1

Go to the Overview > Essentials section.

App details

2

Copy the Directory (tenant) ID for use in Workato.

Complete setup in Workato

View Complete setup in Workato steps

1

Click Create > Connection.

2

Search for and select OneDrive as your connection on the New connection page.

3

Provide a name for your connection in the Connection name field.

4

Use the Location drop-down menu to select the project where you plan to store the connection.

5

Use the Connection account type drop-down menu to select the type of account you plan to use. The available choices are Personal, Business, and Tenant-specific.

• Personal: This option allows you to sign in using a personal account that isn't restricted to a specific organization (tenant).

Personal connections

• Business: This option allows you to sign in using a user account that belongs to a company or organization.

Business connections

• Tenant specific: This option is specifically designed for users who belong to a particular organization (tenant).

Tenant specific connections

Enter the Tenant ID/Domain. Use either the Directory (tenant) ID or the tenant domain for your Azure AD tenant. This ensures that you are accessing resources that are specifically configured for that tenant. Learn how to obtain this value.

6

Select Authorization code grant as the Authentication type.

7

Optional. Configure permissions in Advanced settings. The connector requests all required scopes by default.

The following scopes are required to establish a connection:

• Files.Read
• offline_access

Workato always requests these scopes. Refer to the permissions section for more information.

8

Optional. Use the Custom OAuth profile drop-down menu to select a custom OAuth profile for your connection.

9

Click Sign in with Microsoft.

Client credentials-based authentication (OAuth 2.0)

View Client credentials-based authentication steps

This authentication method consists of the following steps:

• Register the Workato App in the Azure portal
• Complete setup in Workato

COMPATIBLE AUTHENTICATION

Client credentials-based authentication is only compatible with tenant-specific connections.

This method requires the following fields:

• Tenant ID/Domain
• User ID
• Client ID
• Client Secret

Register the Workato App in the Azure Portal

View Register the Workato App in the Azure Portal steps

Complete the following steps to register the Workato app and assign it permissions for client credentials-based connections.

1

View Register the Workato App in the Azure Portal steps

1

Sign in to the Azure portal (opens new window).

2

Select App registrations > + New registration, under Azure services.

3

Enter a unique name for the application and select a Supported account type.

4

Select Web from the Select a platform drop-down menu.

5

Use the following URI for the Redirect URI:

https://www.workato.com/oauth/callback

6

Select Register.

Register an app

2

View Assign permissions to your app steps

1

Select Manage > API permissions in the navigation sidebar.

2

Click + Add a permission and select Microsoft Graph APIs.

3

Add the required permissions as outlined in the Permissions required to connect section. Depending on your connection type, you must assign Application or Delegated permissions.

Add permissions

4

Click Add permissions. If specific permissions require admin consent, refer to the Granting admin consent (opens new window) section for guidance.

3

View Generate a client secret steps

1

Go to Manage > Certificates & Secrets > Client secrets.

2

Click + New client secret.

3

Provide a Description for the client secret and specify an expiry date.

4

Click Add.

5

Copy and save the client secret Value—not the Secret ID—for use in Workato.

Copy and save the client secret value

4

View Obtain the Application (client) ID, Object ID, and Directory (tenant) ID from the Azure Portal steps

1

Go to the Overview > Essentials section.

App details

2

Copy the Application (client) ID, Object ID, and Directory (tenant) ID for use in Workato.

5

View Obtain the User ID from the Azure Portal steps

1

Go to Home > Users to obtain the User ID.

Select users

2

Search for and select the default user you plan to use to perform operations. This user does not establish the connection but is required for performing certain operations that an app can't perform. It is also required in picklists to pull user data. For example the folder picklist populates folders belonging to the default user.

3

Copy the User principal name. Use this value as the User ID in Workato.

Complete setup in Workato

View Complete setup in Workato steps

1

Click Create > Connection.

2

Search for OneDrive and select it as your app on the New connection page.

3

Provide a name for your connection in the Connection name field.

4

Use the Location drop-down menu to select the project where you plan to store the connection.

5

Select Tenant specific as the Connection account type. This option supports accounts tied to a specific organization (tenant).

Tenant specific account connection type

6

Provide your Tenant ID/Domain. This is the Directory (tenant) ID for your app. Refer to the Register an app in Azure section to learn how to obtain this value.

7

Select Client credentials as the Authentication type.

8

Provide the User ID, Client ID, and Client secret for your app. Refer to the Register an app in Azure section to learn how to obtain these values.

9

Optional. Use the Custom OAuth profile drop-down menu to select a custom OAuth profile for your connection.

10

Click Sign in with Microsoft.

Permissions required to connect

Permissions control access to OneDrive resources. This section outlines the default and minimum scopes for each authentication type.

Default scopes for authorization code grant connections

The OneDrive connector requests the following scopes by default. These scopes support all triggers and actions. You must assign these as Delegated permissions in the Azure portal:

• Files.ReadWrite
• Group.Read.All
• Files.Read
• offline_access

Minimum scopes for authorization code grant connections

The following minimum scopes are required to establish a connection to OneDrive using authorization code grant authentication:

• Files.Read
• offline_access

Default scopes for client credential connections

We recommend the following scopes for client credentials connections. These scopes support all triggers and actions. You must assign these permissions as Application permissions in the Azure portal:

• Files.Read.All
• Files.ReadWrite.All
• Group.Read.All
• Sites.ReadWrite.All

Minimum scopes for client credential connections

The following minimum scopes are required to establish a connection to OneDrive using client credentials-based authentication:

• Files.Read.All

How to use OneDrive MCP server tools

Refer to the following sections for detailed information on available tools:

find_files tool

The find_files tool searches for files and folders in OneDrive using name keywords, file type, owner, time filters, and optional content search. Your LLM uses this tool to find, search, or locate files or folders without knowing the exact folder location.

Try asking:

• Find all PowerPoint presentations modified in the last week.
• Search for files containing 'budget' in the name.
• Locate documents owned by Mei from last month.
• Find Excel files with 'Q4' in the filename.

list_folder_items tool

The list_folder_items tool lists the immediate contents of a OneDrive folder you specify with pagination support for large folders. Your LLM uses this tool to list what's in a folder or browse a known location.

Try asking:

• List what's in my Project Alpha folder.
• Show me the contents of the Marketing folder.
• What files are in my Documents folder?
• Browse the Q1 2026 Reports folder.

get_file_metadata tool

The get_file_metadata tool returns metadata and permission information for a OneDrive file or folder by its unique ID. Your LLM uses this tool to inspect an identified file or folder before taking action, confirm who has access, or verify ownership or sharing.

Try asking:

• Get the metadata for this quarterly report file.
• Show me the details for this document.
• When was this file last modified?
• Who owns this folder?

get_file_content tool

The get_file_content tool retrieves readable text content from a OneDrive file you specify using Microsoft Graph export when necessary. Your LLM uses this tool to read, review, summarize, or extract information from a OneDrive file, or when a file is needed as input to a downstream task.

Try asking:

• Read the contents of the meeting notes document.
• Show me what's in the proposal file.
• Summarize the quarterly report.
• Extract the key points from this document.

create_folder tool

The create_folder tool creates a new folder in OneDrive at a parent location you specify. Your LLM uses this tool to create a new folder, set up folder structure for a project, or prepare a location to store files.

Try asking:

• Create a new folder called Q1 2026 Reports.
• Set up a Project Beta folder in my Documents.
• Make a new Archive folder.
• Create a folder for client presentations.

copy_file tool

The copy_file tool creates a copy of an existing OneDrive file, optionally with a new name and destination folder. Your LLM uses this tool to copy or duplicate a file, or create a new document from a template.

Try asking:

• Copy the proposal template to my current project folder.
• Duplicate this document and rename it 'Version 2'.
• Create a copy of the budget spreadsheet for Q2.
• Copy this presentation to the Archive folder.

create_upload_session tool

The create_upload_session tool initiates an upload session for storing an externally produced file artifact in OneDrive. Your LLM uses this tool as the first step to save, store, or upload a file to OneDrive.

Try asking:

• Start an upload session to save this document.
• Prepare to upload this file to my OneDrive.
• Initialize upload for the new report.
• Begin upload session for this presentation.

finalize_upload tool

The finalize_upload tool completes a previously initiated upload session and returns the resulting OneDrive file details. Your LLM uses this tool to complete an upload initiated by create_upload_session.

Try asking:

• Complete the upload session for this document.
• Finalize the file upload.
• Finish uploading the report to OneDrive.
• Complete the upload and save the file.

move_item tool

The move_item tool moves a file or folder to a different folder within OneDrive. Your LLM uses this tool to move a file or folder to another location, file documents into a project folder, or reorganize content.

Try asking:

• Move these files to the Archive folder.
• File this document into the Q1 Reports folder.
• Reorganize by moving the presentations to the Marketing folder.
• Move the budget spreadsheet to Project Alpha.

rename_item tool

The rename_item tool renames a file or folder in OneDrive. Your LLM uses this tool to rename a file or folder, apply naming conventions, or correct a file name.

Try asking:

• Rename this file to include the date.
• Change the folder name to 'Q1 2026 Archive'.
• Update this document's name to 'Final Proposal'.
• Correct the filename to match our naming convention.

delete_item tool

The delete_item tool deletes a file or folder, moving it to the OneDrive recycle bin. Your LLM uses this tool when you explicitly ask to delete a file or folder.

Try asking:

• Delete this outdated report.
• Remove the draft folder.
• Delete these old presentation files.
• Clear out the temporary documents.

get_permissions tool

The get_permissions tool retrieves the current sharing and access information for a OneDrive file or folder you specify. Your LLM uses this tool to view who has access to a file or folder, confirm whether specific stakeholders have access, troubleshoot access issues, or validate sharing state.

Try asking:

• Who has access to the budget spreadsheet?
• Show me the sharing permissions for this folder.
• Does Marco have access to this document?
• Check who can view the project plan.

share_item tool

The share_item tool grants access to a OneDrive file or folder you specify for one or more users or groups. Your LLM uses this tool to share a file or folder with people you specify, grant review or edit access, or ensure stakeholders have access.

Try asking:

• Share the project plan with Jade and give her edit access.
• Grant Alex read access to this document.
• Share this folder with the Marketing team.
• Give Josh review access to the proposal.

modify_permission tool

The modify_permission tool updates the access role for an existing permission entry on a OneDrive file or folder, or removes an existing permission entry entirely. Your LLM uses this tool to change someone's access level or remove someone's access.

Try asking:

• Change Alex to read-only access on this document.
• Make Mei an editor on the budget file.
• Remove Josh's access to this folder.
• Revoke Marco's permissions on this file.

Getting started

View and manage your MCP server tools in the Overview page Tools section. Tool management provides the following capabilities:

• Start tools
• Remove tools
• Edit tools
• Add tools
• Edit your LLM-facing MCP server description

TOOLS MUST BE STARTED

Your LLM can only access active tools in your MCP server connector.