Skip to content
CLI Tool

Secure Exchange CLI for AI Agents

Exchange environments span on-premises servers, Exchange Online, and hybrid setups. The Secure Exchange CLI applies consistent security rules across all of them, securing every Microsoft Graph API request your agents make.

The Problem

Giving AI agents direct access to your data is risky. Here's what can go wrong.

Broad API Permissions

Microsoft Graph API grants broad access to Exchange mailboxes with coarse permission scopes that lack per-agent or per-mailbox granularity.

On-Premises Lacks Modern Tooling

On-premises Exchange Server does not offer the same API governance tools as cloud services, forcing teams to write custom, unaudited middleware.

Hybrid Migrations Create Policy Gaps

During hybrid migrations, security policies set in Exchange Admin Center do not carry over automatically, leaving gaps that AI agents can exploit.

How PortEden Protects You

Six layers of security between AI agents and your data.

Unified CLI for Microsoft Graph

Write your security rules once and the CLI applies them to every Microsoft Graph API request, across all Exchange environments.

Environment-Aware Policies

Define different rule sets for on-premises, cloud, and hybrid mailboxes within the same config file, with automatic detection of mailbox location.

Consistent Visibility Controls

Apply the same visibility rules (full content, headers only, or redacted) to all Microsoft Graph requests across on-premises, hybrid, and cloud mailboxes.

Distribution List Filtering

Block AI agents from accessing emails sent to or from specific distribution lists, shared mailboxes, or security groups.

Get Started in 3 Steps

1

Install and Connect

Install the PortEden CLI and connect to your Exchange environment via Microsoft Graph.

2

Configure Environment Rules

Define security rules per environment, per agent, and per mailbox type in a single config file.

3

Enforce Across All Access Points

Route AI agent requests through the PortEden proxy so every Graph API request is filtered with unified audit logging.

Without vs. With PortEden

Without PortEden

  • Broad Graph API permissions with no per-agent granularity
  • On-premises Exchange lacks scriptable access controls for AI
  • Hybrid migrations create gaps in AI access policies
  • No unified audit trail across Graph API requests from different agents

With PortEden

  • One config file governs all Microsoft Graph API access
  • Scriptable, version-controlled rules for on-premises and cloud
  • Policies follow mailboxes automatically during hybrid migrations
  • Unified audit log across all environments and agents

Related Solutions

Ready to secure your data?

Set up PortEden in under 5 minutes. Free tier available.

Read the Docs