Skip to main content
Guides Last updated: 6 March 2026

How to Use Outlook Assistant in AI Agents

Reference guide for AI agents using Outlook Assistant — tool selection, parameter patterns, output formats, and safety considerations.

This guide helps AI agents and their developers make effective use of Outlook Assistant’s 20 tools. It covers tool selection, safety annotations, output handling, and token efficiency.

Tool Selection Guide

User intentToolKey parameters
Find/search/list emailssearch-emailsquery, from, subject, folder
Read email contentread-emailid, outputVerbosity
Send an emailsend-emailto, subject, body, dryRun
Mark read/unread, flagupdate-emailaction, id or ids
List/download attachmentsattachmentsmessageId, action
Export emails to filesexporttarget, format, outputDir
List calendar eventslist-eventscount
Create calendar eventcreate-eventsubject, start, end
Decline/cancel/delete eventmanage-eventaction, eventId
Manage mail foldersfoldersaction
Manage inbox rulesmanage-rulesaction
Find peoplesearch-peoplequery
Manage contactsmanage-contactaction
Manage categoriesmanage-categoryaction
Apply categories to emailsapply-categorycategories, messageId/messageIds
Focused Inbox overridesmanage-focused-inboxaction
Out-of-office / working hoursmailbox-settingsaction
Read shared mailboxaccess-shared-mailboxsharedMailbox
Find meeting roomsfind-meeting-roomsbuilding, capacity
Auth status/connectauthaction

Safety Annotations

Every tool includes MCP annotations that indicate its safety profile:

AnnotationMeaningEffect in MCP clients
readOnlyHint: trueNo side effectsAuto-approved (in clients that support it)
destructiveHint: trueCan cause irreversible changesRequires user confirmation
idempotentHint: trueSafe to retryNo special handling
openWorldHint: trueCommunicates externallyRequires user confirmation

Read-Only Tools (auto-approved)

search-emails, read-email, list-events, search-people, access-shared-mailbox, find-meeting-rooms

Destructive Tools (always require confirmation)

send-email (destructive + openWorld), manage-event (destructive)

Other Tools

All remaining tools are non-destructive, non-read-only operations that respect the user’s permission settings.

Token Efficiency

Use outputVerbosity: "minimal" when you don’t need full content:

tool: search-emails
params:
  from: "boss@company.com"
  outputVerbosity: "minimal"

This returns only subject, sender, and date — significantly reducing token usage for large result sets.

LevelTokens per email (approx.)Use when
minimal~50Scanning, counting, listing
standard~200Reading previews, making decisions
full~500+Reading full content, analysis

Error Handling

Common error patterns:

ErrorCauseRecovery
401 UnauthorizedToken expiredCall auth with action: authenticate
403 ForbiddenMissing permissionCheck required Graph API permissions
404 Not FoundInvalid IDRe-search for the item
429 Too Many RequestsRate limitedWait and retry
Rate limit exceededOUTLOOK_MAX_EMAILS_PER_SESSION hitInform user, cannot send more

Common Agent Workflows

Search and Summarise

  1. search-emails with filters → get email IDs
  2. read-email for each ID → get content
  3. Summarise in natural language

Find and Flag

  1. search-emails with criteria → get IDs
  2. update-email with action: "flag" and ids: [...] → batch flag

Export a Thread

  1. search-emails with groupByConversation: true → find thread
  2. export with target: "conversation" → save to disk

Check Before Scheduling

  1. list-events → see existing calendar
  2. create-event → schedule avoiding conflicts

Monitor Inbox with Delta Sync

  1. search-emails with deltaMode: true (no token) → initial sync + deltaToken
  2. Store the deltaToken
  3. On next check: search-emails with deltaMode: true and deltaToken → only changes
  4. Process new/modified emails, note deleted IDs
  5. Store new deltaToken for next iteration

Delta tokens expire after extended periods. If you receive a 410 error, start a fresh initial sync.

Use cases: inbox monitoring agents, audit trail logging, notification triggers, change tracking dashboards.

See Monitor Your Inbox with Delta Sync for a complete walkthrough.

Automated Phishing Detection

  1. search-emails with filters → find suspicious messages
  2. read-email with headersMode: true, importantOnly: true → DKIM, SPF, DMARC results
  3. Analyse authentication results and spam scores
  4. update-email to flag or apply-category to tag suspicious messages
  5. folders with action: "move" to quarantine folder

See Investigate Email Headers for header interpretation.

Tips

  • Always check auth status before multi-step workflows
  • Use dryRun: true on send-email in automated contexts for human review
  • Prefer search-people over manage-contact search — it searches more broadly
  • Use kqlQuery for complex boolean searches, standard params for simple filters
  • Batch operations (ids, messageIds, emailIds) reduce API calls
Was this helpful?

Related Articles

ReferenceTools Reference - Outlook AssistantQuick reference for all 20 consolidated MCP tools across 9 modules. Each tool includes MCP safety annotations (readOnlyHint, destructiveHint, idempotentHint).How-To GuidesKQL Search Reference for Outlook AssistantUse Keyword Query Language to write precise search queries for emails by date, sender, subject, and message properties.How-To GuidesHow to Configure Working HoursSet your working hours and time zone so Outlook knows when you're available for scheduling.