Lokka the AI-Powered Reindeer: Guiding Your Sleigh Through Azure and M365
Stephen Tulp
December 12, 2025
7 minutes to read
We’ve all heard about Microsoft and GitHub Copilot, but sometimes you need a helper that knows your specific environment inside and out. Meet Lokka.
What is Lokka?
Lokka is an open-source Model Context Protocol (MCP) server created by Merill Fernando. It acts as a middleware that connects AI language models directly to your Azure and Microsoft 365 tenants via the Microsoft Graph and Azure Resource Manager APIs. Think of it as a universal translator. You speak natural language, and Lokka translates your intent into the complex JSON dialects required to interact with your cloud environment. Lokka is actually a powerful tool that turns your CLI or chat interface into an administrative command center.
The types of things that Lokka can help you with include:
- Microsoft Entra ID: Manage users, groups, and policies.
- Intune: Query device configurations and compliance.
- Azure Resources: Check costs, list resources, and manage infrastructure.
- SharePoint & Teams: Interact with collaboration data.
How it Works
Lokka runs as an MCP server, which means it can be plugged into any MCP-compliant client (like Claude Desktop or VS Code). Under the hood, it exposes tools that the AI can call to perform actions.
It supports multiple authentication methods, including:
- Interactive Auth: Great for local testing and quick tasks.
- Client Credentials: For automated or application-only scenarios, supporting both secrets and certificates
- Client-Provided Token: For advanced scenarios where you manage the tokens yourself.
Getting Started
Details on getting started can be found in the installation Guide or if you are using VS Code, you can install the Lokka extension directly.
| Platform | VS Code |
|---|---|
| Windows |  |
| macOS/Linux |  |
What Can You Ask It?
The real magic happens when you start asking questions. Because it understands the context of your tenant, you can ask complex queries that would otherwise require writing a script or clicking through multiple portal blades.
Once you have it installed, ensure the server is started. You can see a list of the installed MCP servers in the Extension pane within VS Code and click the cog icon to start the Lokka server.
Open GitHub Copilot chat window, ensure you are in Agent Mode, have Lokka enabled as a tool, and start asking questions about your Azure or M365 tenant. You can use any model you like but I have found Claude Sonnet 4.5 to work the best for me. Ok now try asking it something like:
Get Information about your Tenant
Prompt: “Get all users in the tenant.”
We can see it authenticated using Lokka and then queried Microsoft Graph to get the list of users. If you expand the response you can see the full JSON response from Microsoft Graph for both the input and output of the request. I have auto-approved the consent on the required permissions for Lokka to access my tenant, you will need to do this the first time you run a query.
The output is a list of all users in my tenant, names and email addresses.
Get More Detailed Information about your Tenant
Prompt: “Give me a summary of the multi-factor authentication configuration across all the users.”
Something a little more complex and gives us a summary of the MFA status across all users in the tenant, whether they are registered or not, the types of methods they have registered, and a summary of the findings.
Creating Security Groups
The previous prompts just queried data, but Lokka can also create and modify resources in your tenant. Here we ask it to create a security group with dynamic membership based on job title.
Prompt:“Create a security group called Advent Calendar 2025 and add users to it dynamically if their job title is AI Intern.”
We can see it leveraging Microsoft Graph to create the security group and check to ensure it is created, then it searches for users with the job title of AI Intern and adds them to the group. Finally we get a summary of the actions taken. If we look in Entra we can see the new security group has been created with the correct membership rule.
Creating Application Registrations with Federated Credentials
Prompt: “Create an app registration called Advent Calendar 2025 with Open ID Connect federated credentials for GitHub using tulpy as the organisation, advent-calendar-2025 as the repo and sandbox as the environment name.”
This one is great and shows how Lokka can handle more complex tasks that involve multiple steps and configuration. Create an app registration with federated credentials for GitHub Actions.
We have created an Application Registration and then added the federated credentials for GitHub Actions based on the provided parameters needed for GitHub OIDC integration. Finally, we get a summary of the created app registration and its details. Below we can see the output in Entra showing the new app registration with the federated credentials.
If you think about all the administrative tasks you would perform across M365, SharePoint site creation, query OneDrive usage, or even generating reports on Intune compliance, Lokka can potentially handle it all through simple natural language prompts.
Conclusion
MCP represents a shift in how we interact with our infrastructure. Instead of memorising cmdlets or navigating endless menus, we can simply state our intent. It’s still an evolving project, but it’s a glimpse into a future where our tools work with us, not just for us.
Microsoft has also introduced the Microsoft MCP Server for Enterprise, a first-party interface designed to let AI agents query your Entra tenant data. By leveraging the open MCP standard, it acts as a translator, converting your natural language requests into precise Microsoft Graph API calls.