Interactive apps
In hosts that support MCP Apps (like Claude Desktop and VS Code with GitHub Copilot), Lokka ships four interactive apps that render right inside the chat. In hosts without MCP Apps support everything still works β you just get text results instead of the visual tools.
tip
Type lokka help in the chat for a visual tour of everything below, with one-click launchers and sample prompts.
| Say⦠| Opens |
|---|---|
lokka help | A visual tour of all of Lokka's tools |
open lokka | The Graph explorer |
lokka sign in (or lokka auth) | The connections manager |
lokka permissions | The permissions manager |
Graph explorer β open lokkaβ
The explorer opens automatically whenever the AI runs a Graph query, showing exactly what was called β and it's a full query workbench you can drive yourself:
- Endpoint IntelliSense β type a path and autocomplete over 28,000+ Graph endpoints (v1.0 and beta), generated from the official OpenAPI spec. Paste a full Graph URL and it splits into path + query parameters automatically.
- Resource-aware query IntelliSense β inside
$filter,$select,$orderbyand$expandvalues, Lokka knows which entity your path returns and suggests its actual properties (with types), then valid operators for each property, then value templates. Operators that need Entra advanced queries are marked β‘ β picking one automatically enablesConsistencyLevel: eventualand adds$count=truefor you. - Built-in parameter help β every OData parameter row has an β button with condensed reference content (operators, syntax, examples you can apply with one click) and links to the full Microsoft Learn pages.
- Results your way β a sortable, filterable table (virtualized for huge result sets), a collapsible color-coded JSON tree, or raw JSON. Click any row to drill into the full record.
- Fetch all pages β pagination with live progress; cancelling keeps everything fetched so far.
- Code snippets β turn the current request into PowerShell (
Invoke-MgGraphRequest), raw HTTP, C#, Go, Java, JavaScript, PHP, Python or Graph CLI. - Export & share β download results as JSON or CSV, copy to clipboard, or open the request in Microsoft Graph Explorer. Results stay private to the explorer until you click Add to context or Ask β you decide what the AI sees.
- Permissions tab β shows the permissions required for the current endpoint vs. what your token has, with one-click consent. When a query fails with 403, a Fix permissions banner takes you straight there.
- Samples & history β a library of common queries (users, groups, sign-in logs, Conditional Accessβ¦) and a session history to replay earlier requests.
- When several tenants are signed in, a small indicator under the method shows which tenant domain the result ran against.
Connections β lokka sign inβ
Work across multiple tenants without restarting anything:
- Sign in as a user (browser sign-in with device-code fallback) or as a service principal (client ID + secret β held in memory only, never written to disk).
- Environments: Global and US Government clouds.
- See every connection's tenant name, domain, account and permission count β including the connection Lokka started with β and switch the active connection with one click. All Graph and Azure calls route through the active connection.
- The AI can switch too: say "switch lokka to my dev tenant" and the
switch-lokka-connectiontool fuzzy-matches the tenant by name, domain, ID or username. When connections change, Lokka tells the model so it re-runs queries instead of reusing results from the previous tenant (every result is also stamped with the connection it ran against).
Connections are session-scoped: they live for the lifetime of the MCP server process.
Permissions β lokka permissionsβ
See what Lokka can access and grant more when needed:
- Currently consented permissions, read live from your token.
- Search 1,100+ Graph permissions (delegated and application) with plain-English descriptions and admin-consent flags, sourced from the same catalog Graph Explorer uses.
- Pick and consent in one flow β the consent screen is always shown (
prompt=consent), and Lokka then refreshes with a brand-new token so the new permissions apply immediately. App-only connections get the tenant admin-consent link instead. - The AI can pre-select for you: after a 403 it opens this app with the missing permission already ticked β you just approve.
Help β lokka helpβ
A visual tour of all of the above: capability cards with "Open it now" launchers, copyable sample prompts, and pro tips (fixing 403s, fetch-all, ConsistencyLevel).
Tools referenceβ
Tools the AI can call directly:
| Tool | Purpose |
|---|---|
Lokka-Microsoft | Run any Microsoft Graph or Azure Resource Management request |
open-graph-explorer | Open the Graph explorer (optionally pre-filled with a path) |
open-lokka-connections | Open the connections manager |
open-lokka-permissions | Open the permissions manager (optionally with permissions pre-selected for consent) |
open-lokka-help | Open the help tour |
lokka-list-connections | List signed-in tenant connections and which is active |
switch-lokka-connection | Switch the active tenant connection (fuzzy-matched) |
get-auth-status / set-access-token / add-graph-permission | Authentication status and token management |
A further set of internal tools (prefixed lokka-) powers the app UIs and is hidden from the AI in MCP Apps hosts.