CLI for Microsoft 365 MCP Server: Conditional Access Policy blocks browser login on Microsoft Corporate Tenant #294
Description
SUMMARY
The CLI for Microsoft 365 (v11.4.0) and its MCP Server cannot be used on Microsoft's own corporate tenant because the Conditional Access Policy blocks the browser-based authentication during "m365 setup" / "m365 login". This effectively makes the entire MCP ecosystem unusable for Microsoft employees who want to build AI agents that interact with their own M365 data.
ENVIRONMENT
CLI for Microsoft 365: v11.4.0
OS: Windows 11 (Microsoft Corporate Device)
Tenant: Microsoft Corporate (microsoft.com, Entra ID)
Node.js: v22.15.0
Auth method: Browser (default, configured via m365 setup)
STEPS TO REPRODUCE
- Install CLI for Microsoft 365: npm install -g @pnp/cli-microsoft365
- Run the interactive setup: m365 setup
- Select: "Create a new app registration", "All scopes", "Interactively", Auth type: browser
- Confirm settings. CLI opens browser for Microsoft login.
- Result: Browser shows "Sorry, a security policy is preventing access" (Conditional Access Policy, error 53003)
The login never completes. No app registration is created. The CLI and MCP Server are completely non-functional.
EXPECTED BEHAVIOR
The CLI should either:
- Support an authentication method that works within corporate Conditional Access constraints (e.g., device-based auth, WAM/broker, managed identity)
- Clearly document which tenants/policies are incompatible and suggest alternatives
- Allow using an existing, pre-approved app registration that has already been granted the necessary permissions by an admin
ACTUAL BEHAVIOR
The CLI's only interactive auth path (browser login) is blocked by Conditional Access. There is no fallback, no error handling, and no guidance on how to proceed. The setup wizard completes all configuration steps successfully, only to fail at the final authentication step with no recovery option.
WHY THIS MATTERS
Microsoft is actively promoting MCP (Model Context Protocol) as the standard for AI-to-service integration. The CLI for Microsoft 365 MCP Server is positioned as the official bridge between AI agents and M365 data (Outlook, Teams, SharePoint, etc.). However:
- Microsoft's own employees cannot use it on their corporate devices
- Any enterprise with strict Conditional Access policies will face the same blocker
- The only working alternative for M365 data access is Work IQ, which uses the Microsoft Search API with limited capabilities (e.g., cannot return Sent Items details, see microsoft/work-iq-mcp issue Blueprint inheritance not applied correctly #55)
This creates a paradox: Microsoft promotes MCP as the future of AI integration, but its own security infrastructure prevents it from working.
SUGGESTED SOLUTIONS
- Support Windows Authentication Manager (WAM) / broker-based auth -- leverages existing device trust and SSO tokens, bypassing Conditional Access restrictions for compliant devices
- Support certificate-based authentication for the MCP server context -- admins can pre-provision certificates for approved apps
- Allow "m365 setup" to use an existing app registration with pre-granted admin consent, skipping the need for interactive app creation
- Document enterprise deployment patterns -- how should an admin pre-configure the CLI for use in locked-down tenants?
RELATED ISSUES
Issue #287 in this repo -- App Registration created by A365 CLI is managed/locked, preventing permission changes (same ecosystem, different symptom)
microsoft/work-iq-mcp issue #55 -- Work IQ Sent Items limitation (the alternative that does work has its own gaps)
DISCLOSURE
I'm a Microsoft employee (FTE) testing this on our internal corporate tenant. Happy to collaborate with the product team internally -- reach out via Microsoft Teams.
Tested February 2026.