What is the ConfigCobra MCP server?

The ConfigCobra MCP server is a Model Context Protocol integration that lets you connect your Microsoft 365 compliance data to any MCP-compatible AI assistant — including Claude, ChatGPT, and Cursor. Once connected, you can ask plain-language questions about your CIS findings, posture score, and remediation steps without logging into any dashboard.

Which AI assistants work with ConfigCobra MCP?

ConfigCobra MCP is compatible with Claude (claude.ai), ChatGPT (Plus, Team, and Enterprise plans), Cursor, and any other MCP-compatible client that supports HTTP/SSE transport.

Do I need a ConfigCobra subscription to use the MCP server?

Yes. The MCP server connects to your live assessment data, so you need an active ConfigCobra account with at least one completed scan. Start with a free 14-day trial to try it.

Available now

MCP Server · Model Context Protocol

Your AI assistant.
Your compliance data.

Q: Is the MCP connection secure?

Yes. The MCP connection is read-only — your AI assistant can query findings and evidence but cannot modify your ConfigCobra settings or your Microsoft 365 tenant. Authentication uses Microsoft OAuth 2.0, so your credentials never leave Microsoft's identity platform.

ConfigCobra ships a native MCP server. Connect it to Claude, ChatGPT, Cursor, or any MCP-compatible AI — then ask anything about your Microsoft 365 security posture in plain language. No dashboard. No exports. No waiting.

Connect your AI assistant →Start a free assessment first

Read-only

No write access, ever

OAuth 2.0

Microsoft identity, your credentials

Live data

From your last assessment

Any AI

Claude · ChatGPT · Cursor · more

The problem

The answer is in your compliance data. Getting to it takes too long.

Your ConfigCobra assessment holds every finding, every per-user detail, every remediation step — but accessing it means logging in, navigating, filtering, and exporting. The MCP server eliminates that. Your AI reads the data directly and answers in plain English, the moment you ask.

Before

Open dashboard, find the right view, filter, export…

After

"Which users have no MFA?" → instant answer.

Before

Copy findings into a slide deck manually every quarter

After

"Summarise our top risks for the board" → done.

Use cases

One integration. Different questions for every role.

IT Admin

Find exactly who's blocking your compliance score — in one question.

"Which users have no MFA methods registered?"

"Who are my global admins and do any of them have issues?"

"What controls regressed since Monday's scan?"

"List all failing Level 1 controls with their remediation steps."

CISO

Plain-language executive briefings. No dashboard, no exports.

"Summarise our top 10 critical findings for the board."

"What's our current CIS compliance score and how has it trended this month?"

"Which section has the most failures and what's the root cause?"

"Draft a remediation priority list ranked by severity and effort."

MSP / Consultant

Query every client tenant from a single AI conversation.

"Compare the compliance posture across my three client tenants."

"Which tenant needs the most urgent attention this week?"

"Generate a remediation summary for Contoso's Exchange Online section."

"Show me all tenants where CIS 5.1.1 is failing."

Auditor

Pull all the evidence you need. Ask for it in plain English.

"Show me all evidence for Section 1 controls as of last Tuesday."

"Which Identity controls passed Level 1 and Level 2?"

"List every control where manual verification is required."

"Generate a remediation plan for the three failing email controls."

How it works

Three things. One connection.

The MCP server sits between your AI assistant and your ConfigCobra assessment data. It exposes your live compliance results — findings, evidence, posture score, per-user details — as a set of tools your AI can call in real time.

Connect once with Microsoft OAuth — your credentials never leave Microsoft
Your AI queries your most recent assessment data in real time
Read-only — your AI can answer questions but cannot change anything
Works with Claude, ChatGPT, Cursor, and any MCP-compatible client
No extra agents, no scripts, no data exports

Connect your AI →View setup guide

Claude · ConfigCobra connected

Which users have no MFA registered?

Based on your latest ConfigCobra scan (6 Jun 2026), 4 users have no MFA methods registered: • alice@contoso.com — Global Admin ⚠️ • bob@contoso.com • carol@contoso.com • david@contoso.com This fails CIS Control 1.1.1 (Level 1). Remediation: enable MFA via Entra ID.

What's our overall CIS score?

Your current CIS Microsoft 365 score is 71% (92/129 controls passing). Your weakest section is Exchange Online — 14 failing controls, 6 of them Level 1.

Compatible AI clients

Works with the AI you already use.

Claude

claude.ai — native MCP support

ChatGPT

Plus · Team · Enterprise

Cursor

IDE & AI agent

Any MCP client

HTTP / SSE transport

Any tool that supports MCP over HTTP/SSE can connect. View the full setup guide →

FAQ

Common questions

Do I need a ConfigCobra subscription?

Yes — the MCP server connects to your live assessment data, so you need an active account with at least one completed scan. Start with a free 14-day trial that covers 15 controls.

Is it secure?

The connection is read-only. Your AI can query findings and evidence but cannot modify your ConfigCobra settings or your Microsoft 365 tenant. Authentication uses Microsoft OAuth 2.0 — your credentials never leave Microsoft's identity platform.

Which AI clients are supported?

Claude (claude.ai), ChatGPT (Plus, Team, Enterprise), Cursor, and any other MCP-compatible client that supports HTTP/SSE transport. New clients that add MCP support work automatically — no changes needed on your end.

How fresh is the data my AI sees?

Your AI sees the data from your most recent ConfigCobra assessment. If you run scans daily, the data is from your last daily scan. The MCP server does not trigger new scans — it only reads existing results.

Can I use this in Cursor to build compliance tooling?

Yes. Cursor's MCP support lets you embed ConfigCobra compliance data directly into your development workflow — for example, checking whether a Terraform change would break a CIS control before you apply it.

Coming Q3 2026

This is just the start. Sentra goes further.

Today your AI assistant can query your existing CIS compliance data via MCP. With Sentra, the AI becomes the auditor — evaluating your tenant against CIS, NIS2, ISO 27001, SOC 2, and DORA, in plain language, on demand. Same Microsoft connector. Purpose-trained model.

Your AI assistant.Your compliance data.