Skip to content
Email Security

Secure Exchange for AI Agents

Microsoft Graph API offers broad access to Exchange mailboxes with no granular controls. PortEden enforces per-agent rules on every Graph API request, whether your mailboxes are on-premises, hybrid, or fully in the cloud.

Connect PortEden to Exchange

Cloud MCP connector URL

https://mcp.porteden.com/email

Add as a connector in

ClaudeChatGPTGrokGeminiCopilot
Read full MCP connector setup docs

How PortEden Protects You

Six layers of security between AI and your data.

Visibility Controls

Choose what agents see: full content, headers only, or redacted versions, with the same rules across on-premises and Exchange Online.

Action Limits

Restrict agents to read-only, draft-only, or full write access across all Microsoft Graph API endpoints.

Contact Rules

Block agents from accessing emails involving specific contacts, distribution lists, or domains regardless of where the mailbox resides.

Time Windows

Limit access to recent emails only, restricting agents to relevant timeframes like the last 30 days.

Get Started in 3 Steps

1

Install — CLI or MCP

Install the PortEden CLI or add the cloud MCP connector to your AI client, then connect your Exchange accounts via Microsoft OAuth.

2

Set Your Rules

Configure visibility controls, contact rules, action limits, and time windows. Rules apply consistently across on-premises and cloud mailboxes.

3

Connect Your Agent

Point your AI agent to PortEden instead of Microsoft Graph directly. Every request is filtered through your rules with full audit logging.

Without vs. With PortEden

Without PortEden

  • Graph API grants broad read/write/send/delete with no granular control
  • Hybrid deployments have inconsistent security between on-prem and cloud
  • AI agents hold raw OAuth tokens directly
  • No audit trail of which mailboxes or messages agents accessed
  • Revoking access requires reconfiguring each Exchange environment separately

With PortEden

  • Granular read-only, draft-only, or write access per agent across all Exchange environments
  • Consistent security rules for on-premises, hybrid, and cloud mailboxes
  • Tokens and credentials stay in PortEden. Agents only get filtered data
  • Full audit log of every request across Microsoft Graph API
  • One-click revocation per agent without disrupting other integrations

Related Solutions

Looking for guidance specific to your industry? See industry pages →

Frequently Asked Questions

How does PortEden secure Exchange access from AI agents?
PortEden sits between AI agents and Microsoft Graph API, intercepting every request. It enforces visibility controls, action limits, contact rules, and time windows, so agents only see filtered, policy-compliant data regardless of the underlying Graph API permissions.
Does PortEden work with hybrid Exchange deployments?
Yes. PortEden provides consistent security controls whether your mailboxes are on-premises Exchange Server, Exchange Online, or in a hybrid configuration. The same rules apply across both environments, ensuring no security gaps during migration.
Can I use different AI agent policies for on-premises vs. cloud Exchange mailboxes?
Absolutely. PortEden supports per-account and per-agent rules. You can configure stricter controls for on-premises mailboxes containing sensitive legacy data while allowing broader access to cloud mailboxes, or vice versa.
How does PortEden handle Exchange token management?
PortEden manages all authentication tokens, including OAuth tokens for Exchange Online and on-premises servers. AI agents never touch these credentials directly, eliminating the risk of token exposure in agent environments.
What happens to PortEden security rules when we migrate from on-premises Exchange to Exchange Online?
Your security rules persist through migration. PortEden abstracts the underlying Exchange infrastructure, so visibility controls, contact rules, and action limits continue to apply whether the mailbox is on-premises or in the cloud. No reconfiguration needed.

Ready to secure your data?

Set up PortEden in under 5 minutes. Free tier available.

Read the Docs