Skip to content
Email Security
Outlook

Secure Outlook for AI Agents

Microsoft Graph's Mail.ReadWrite scope grants access to every folder, contact, and attachment in a mailbox, plus shared mailboxes and delegate accounts. PortEden sits between your AI agent and the Graph API, enforcing the granular rules that Microsoft doesn't provide.

Connect PortEden to Outlook

Cloud MCP connector URL

https://mcp.porteden.com/email

Add as a connector in

ClaudeChatGPTGrokGeminiCopilot
Read full MCP connector setup docs

How PortEden Protects You

Six layers of security between AI and your data.

Visibility Controls

Choose what agents see: full content, headers only, or redacted versions with attachments stripped and sensitive fields removed.

Action Limits

Restrict agents to read-only, draft-only, or full write access while blocking batch operations and rule creation.

Contact Rules

Block agents from seeing emails involving specific contacts, distribution lists, or domains to keep confidential threads invisible.

Time Windows

Limit access to recent emails only with boundaries like 'last 7 days' or 'last 30 days' per agent.

Get Started in 3 Steps

1

Install — CLI or MCP

Install the PortEden CLI or add the cloud MCP connector to your AI client, then connect your Outlook account via secure Microsoft OAuth.

2

Set Your Rules

Configure visibility controls, contact rules, action limits, and time windows per agent.

3

Connect Your Agent

Point your AI agent to PortEden instead of Microsoft Graph and every request is filtered with full audit logging.

Without vs. With PortEden

Without PortEden

  • Mail.ReadWrite scope grants full access to all folders, contacts, and attachments with no middle ground
  • Shared mailboxes and delegate accounts exposed through a single token
  • Graph API $batch endpoint allows bulk operations without per-item confirmation
  • Raw Microsoft OAuth token stored in agent's environment. One leak compromises the tenant
  • No audit trail of which emails, folders, or contacts the agent accessed

With PortEden

  • Granular read-only, draft-only, or write access per agent, per folder if needed
  • Shared mailbox and delegate access blocked unless explicitly allowed
  • Batch operations intercepted and filtered against your rules individually
  • OAuth token stays in PortEden. Agents never see it, even in memory
  • Full audit log: which emails accessed, what was returned, what was blocked

Related Solutions

Looking for guidance specific to your industry? See industry pages →

Frequently Asked Questions

How do I restrict AI agent access to my Outlook inbox?
PortEden sits between your AI agent and Microsoft Graph API. Instead of granting Mail.ReadWrite (which gives full access to all folders, contacts, and attachments), you configure granular visibility controls, action limits, and contact rules. The agent only sees what your rules allow.
Can AI agents access shared mailboxes in Microsoft 365?
Yes. If an AI agent holds a token with Mail.ReadWrite scope and the user has delegate or shared mailbox access, the agent can read and modify mail across shared mailboxes. PortEden prevents this by scoping agent access to a single mailbox and blocking requests to shared or delegated mailbox endpoints.
What Microsoft Graph scopes does PortEden replace?
PortEden replaces broad scopes like Mail.ReadWrite, Mail.Send, and Mail.ReadWrite.Shared with its own granular permission model. Instead of all-or-nothing Graph API access, you define exactly what the agent can read, which folders it can see, and whether it can send, draft, or only read messages.
Does PortEden work with Exchange Online and on-premises Exchange?
PortEden works with Exchange Online (Microsoft 365) via Microsoft Graph API. For on-premises and hybrid Exchange environments, PortEden provides equivalent controls through its proxy layer. Hybrid environments with both cloud and on-premises mailboxes are fully supported.
How does PortEden handle Outlook delegate access?
Microsoft Graph allows users with delegate permissions to access another user's mailbox. PortEden enforces strict mailbox boundaries, so even if the underlying token has delegate access, agents are restricted to only the primary mailbox unless you explicitly allow cross-mailbox access in your rules.

Ready to secure your data?

Set up PortEden in under 5 minutes. Free tier available.

Read the Docs