Terms of Use — microsoft-tasks-mcp
Last updated: 9 May 2026
These terms govern your use of microsoft-tasks-mcp, an open-source Model Context Protocol server published by XMV Solutions GmbH on GitHub, and the OAuth application registration in Microsoft Entra ID associated with it. The software itself is licensed under MIT OR Apache-2.0; see the LICENSE-MIT and LICENSE-APACHE files in the repository for the binding licence text.
Use of the default OAuth application
XMV Solutions GmbH owns and publishes a multi-tenant public-client OAuth application registration with Microsoft (the “Default OAuth App”). Anyone running microsoft-tasks-mcp may use the Default OAuth App by signing in with their own Microsoft 365 account. By doing so, you agree that:
- You have authority to access the Microsoft To Do lists and the Microsoft Planner plans you sign in to — i.e., they are your own tasks, or your organisation has authorised you to access them.
- You will not use the tool to bypass any audit, retention, or access controls put in place by your organisation or by Microsoft 365 itself.
- You will not attempt to obtain access beyond the delegated scopes requested by the application (
Tasks.Read, plusTasks.ReadWriteonly when you explicitly opt in via theTASKS_ALLOW_WRITES=trueenvironment variable;Group.Read.All,User.Read, andoffline_access) or to use the application to act on behalf of users other than yourself. - You acknowledge the tool's default posture is read-only: it does not request
Tasks.ReadWriteand exposes no tool that creates, updates, completes, or deletes tasks. SettingTASKS_ALLOW_WRITES=trueis an explicit per-deployment opt-in that adds write tools alongside the read tools. - You acknowledge that, even with writes enabled, the tool never modifies tasks the agent did not create itself. This is enforced at the tool layer by a per-profile created-by-me registry on your local machine: update / complete / delete tools refuse to act on any task whose ID is not in this registry, regardless of whether the underlying Microsoft Graph permission would allow it. There is no path where an agent decision results in a colleague's task being modified or deleted; there is no path where the agent silently flips a task's completion status. ETag-based optimistic concurrency provides a second guard against clobbering edits made externally between the agent's read and write.
- You acknowledge that the tool performs no bulk operations. Each write tool acts on exactly one task per invocation. There is no
delete_all_completed, noupdate_many, no batch endpoint exposed to the agent. - You acknowledge that the tool does not auto-assign tasks to other users. Planner's assignee field is populated only from values explicitly typed by you in the create-task call; there is no codepath where the agent looks up colleagues and silently puts work on their plate.
If your organisation prefers not to use the Default OAuth App — for example because of app-allowlisting policies — you can register your own OAuth application in your tenant and override the client identifier via the TASKS_CLIENT_ID environment variable. See the project documentation for details.
Disclaimer
microsoft-tasks-mcp is provided “as is”, without warranty of any kind, express or implied. XMV Solutions GmbH makes no guarantee of fitness for any particular purpose, of compatibility with any specific Microsoft 365 configuration, or of preservation of any audit, retention, or compliance properties beyond those provided by Microsoft Graph, Microsoft Planner, and Microsoft To Do themselves.
You are responsible for verifying that the tool meets your organisation's compliance requirements before using it on production-relevant data. The tool wraps Microsoft Graph; it does not replace your own diligence in reviewing Microsoft's documentation, your tenant's policies, or any audit-log obligations that apply to you.
Limitation of liability
To the fullest extent permitted by applicable law, XMV Solutions GmbH shall not be liable for any direct, indirect, incidental, special, or consequential damages arising from your use of, or inability to use, microsoft-tasks-mcp — including but not limited to data loss, mistakenly created tasks, broken audit trails, or unauthorised access by third parties. The licence terms in the repository's LICENSE-MIT and LICENSE-APACHE files apply.
Right to revoke or modify
XMV Solutions GmbH reserves the right to revoke, modify, or replace the Default OAuth App registration at any time, with or without notice. If the Default OAuth App becomes unavailable, you can continue using microsoft-tasks-mcp by registering your own OAuth application in your tenant as described above.
Governing law
These terms are governed by the laws of the Federal Republic of Germany. Place of jurisdiction, where legally permissible, is the registered seat of XMV Solutions GmbH.
Contact
XMV Solutions GmbH
E-mail: oss@xmv.de
Full company details: Impressum