Secure Outlook for AI Agents
Microsoft Graph's Mail.ReadWrite scope grants access to every folder, contact, and attachment in a mailbox, plus shared mailboxes and delegate accounts. PortEden sits between your AI agent and the Graph API, enforcing the granular rules that Microsoft doesn't provide.
Secure Outlook CLI
PortEden's Secure Outlook CLI is a command-line tool that intercepts AI agent requests to Microsoft Graph. Install it, connect your Microsoft 365 account, and define rules that replace Mail.ReadWrite's broad access with fine-grained controls. Works with any AI agent out of the box.
The Problem
Giving AI agents direct access to your data is risky. Here's what can go wrong.
Broad Graph API Scopes
Mail.ReadWrite grants access to all mail folders, contacts, and attachments with no per-folder or per-sender scoping.
Tenant-Wide Exposure
A compromised agent token can access shared mailboxes, distribution lists, and org-wide address books, turning a single leak into a tenant-wide breach.
Batch API Abuse
Microsoft Graph's $batch endpoint lets agents execute up to 20 operations in a single request, enabling bulk-delete and bulk-modify without confirmation.
How PortEden Protects You
Six layers of security between AI agents and your data.
Visibility Controls
Choose what agents see: full content, headers only, or redacted versions with attachments stripped and sensitive fields removed.
Action Limits
Restrict agents to read-only, draft-only, or full write access while blocking batch operations and rule creation.
Contact Rules
Block agents from seeing emails involving specific contacts, distribution lists, or domains to keep confidential threads invisible.
Time Windows
Limit access to recent emails only with boundaries like 'last 7 days' or 'last 30 days' per agent.
Get Started in 3 Steps
Install the CLI
Install PortEden CLI and connect your Outlook account via secure Microsoft OAuth.
Set Your Rules
Configure visibility controls, contact rules, action limits, and time windows per agent.
Connect Your Agent
Point your AI agent to PortEden instead of Microsoft Graph and every request is filtered with full audit logging.
Without vs. With PortEden
Without PortEden
- Mail.ReadWrite scope grants full access to all folders, contacts, and attachments with no middle ground
- Shared mailboxes and delegate accounts exposed through a single token
- Graph API $batch endpoint allows bulk operations without per-item confirmation
- Raw Microsoft OAuth token stored in agent's environment. One leak compromises the tenant
- No audit trail of which emails, folders, or contacts the agent accessed
With PortEden
- Granular read-only, draft-only, or write access per agent, per folder if needed
- Shared mailbox and delegate access blocked unless explicitly allowed
- Batch operations intercepted and filtered against your rules individually
- OAuth token stays in PortEden. Agents never see it, even in memory
- Full audit log: which emails accessed, what was returned, what was blocked
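
The per-item batch filtering described above, sketched as an added example (this is not PortEden's code): each sub-request in a Microsoft Graph $batch body is checked on its own, and a request that depends on a blocked one is blocked as well. The policy shape, the function names, and the "blockedByPolicy" error code are assumptions made for illustration.

```python
import re

MAX_BATCH = 20  # Graph's limit on requests per $batch call
# Hypothetical policy shape, assumed for this example.
POLICY = {"mode": "draft-only", "allow_shared": False}

def check(req, policy):
    """Return None if one sub-request is allowed, else the reason it is blocked."""
    method = req.get("method", "").upper()
    path = "/" + req.get("url", "").split("?", 1)[0].strip("/").lower()
    if not re.match(r"/me(/|$)", path) and not policy["allow_shared"]:
        return "only the signed-in user's mailbox (/me) is allowed"
    if "/messagerules" in path and method != "GET":
        return "changing inbox rules is blocked"
    if method == "GET" or policy["mode"] == "write":
        return None
    if policy["mode"] == "draft-only" and method == "POST" and path == "/me/messages":
        return None  # POST /me/messages creates a draft; it does not send
    return f"{method} not permitted in {policy['mode']} mode"

def filter_batch(batch, policy=POLICY):
    """Split a $batch body into (batch to forward, synthetic denial responses)."""
    reqs = batch.get("requests", [])
    if len(reqs) > MAX_BATCH:
        raise ValueError("batch exceeds 20 requests")
    denied = {r["id"]: (403, why) for r in reqs if (why := check(r, policy))}
    changed = True
    while changed:  # anything that depends on a denied request is denied too
        changed = False
        for r in reqs:
            if r["id"] not in denied and any(d in denied for d in r.get("dependsOn", [])):
                denied[r["id"]] = (424, "depends on a blocked request")
                changed = True
    allowed = [r for r in reqs if r["id"] not in denied]
    # "blockedByPolicy" is a made-up error code, not a Graph one.
    responses = [{"id": i, "status": s, "body": {"error": {"code": "blockedByPolicy", "message": m}}}
                 for i, (s, m) in denied.items()]
    return {"requests": allowed}, responses

# Constructed sample batch; ids and addresses are placeholders.
SAMPLE = {"requests": [
    {"id": "1", "method": "GET", "url": "/me/messages?$top=5"},
    {"id": "2", "method": "DELETE", "url": "/me/messages/MSG-ID-PLACEHOLDER"},
    {"id": "3", "method": "POST", "url": "/me/messages", "body": {"subject": "draft"}},
    {"id": "4", "method": "GET", "url": "/me/mailFolders/deleteditems/messages", "dependsOn": ["2"]},
    {"id": "5", "method": "GET", "url": "/users/shared@contoso.example/messages"},
    {"id": "6", "method": "POST", "url": "/me/mailFolders/inbox/messageRules", "body": {}},
]}
```

Calling filter_batch(SAMPLE) forwards only requests 1 and 3; the denial entries can be merged into the batch response so the agent sees a per-item status for every id it sent.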