msgraph-teams

Name: msgraph-teams
Author: automateyournetwork/netclaw

$npx mdskill add automateyournetwork/netclaw/msgraph-teams

Sends notifications and reports to Microsoft Teams channels via Graph API

Posts health alerts, security notifications, and change updates to Teams
Uses Microsoft Graph API with Azure AD credentials for authentication
Targets specific Teams channels using team IDs and channel names
Delivers messages, reports, and diagrams directly to configured Teams channels

SKILL.md

.github/skills/msgraph-teamsView on GitHub ↗

---
name: msgraph-teams
description: "Send notifications and reports to Microsoft Teams channels via Graph API - alert delivery, report posting, incident updates, and diagram sharing. Use when posting health alerts to Teams, sending security notifications, sharing change completion updates, or delivering reports to a Teams channel"
license: Apache-2.0
user-invocable: true
metadata:
  { "openclaw": { "requires": { "bins": ["npx"], "env": ["AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET"] } } }
---

# Microsoft Graph — Teams Notifications

## How to Call the Tools

The Microsoft Graph MCP server is invoked via npx with Azure AD credentials:

```bash
AZURE_TENANT_ID=$AZURE_TENANT_ID AZURE_CLIENT_ID=$AZURE_CLIENT_ID AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET \
  python3 $MCP_CALL "npx -y @anthropic-ai/microsoft-graph-mcp" <tool-name> '<arguments-json>'
```

## Available Operations

### 1. List Teams

```bash
AZURE_TENANT_ID=$AZURE_TENANT_ID AZURE_CLIENT_ID=$AZURE_CLIENT_ID AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET \
  python3 $MCP_CALL "npx -y @anthropic-ai/microsoft-graph-mcp" graph_list_teams '{}'
```

### 2. List Channels in a Team

```bash
AZURE_TENANT_ID=$AZURE_TENANT_ID AZURE_CLIENT_ID=$AZURE_CLIENT_ID AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET \
  python3 $MCP_CALL "npx -y @anthropic-ai/microsoft-graph-mcp" graph_list_channels '{"teamId":"<team-id>"}'
```

### 3. Send a Message to a Channel

```bash
AZURE_TENANT_ID=$AZURE_TENANT_ID AZURE_CLIENT_ID=$AZURE_CLIENT_ID AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET \
  python3 $MCP_CALL "npx -y @anthropic-ai/microsoft-graph-mcp" graph_send_channel_message '{"teamId":"<team-id>","channelId":"<channel-id>","message":"<html-content>"}'
```

### 4. Reply to a Thread

```bash
AZURE_TENANT_ID=$AZURE_TENANT_ID AZURE_CLIENT_ID=$AZURE_CLIENT_ID AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET \
  python3 $MCP_CALL "npx -y @anthropic-ai/microsoft-graph-mcp" graph_reply_to_message '{"teamId":"<team-id>","channelId":"<channel-id>","messageId":"<msg-id>","message":"<html-content>"}'
```

### 5. List Recent Messages

```bash
AZURE_TENANT_ID=$AZURE_TENANT_ID AZURE_CLIENT_ID=$AZURE_CLIENT_ID AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET \
  python3 $MCP_CALL "npx -y @anthropic-ai/microsoft-graph-mcp" graph_list_channel_messages '{"teamId":"<team-id>","channelId":"<channel-id>"}'
```

## Message Formats

### Health Check Alert

```html
<h3>Health Check Report — 2026-02-22</h3>
<table>
  <tr><th>Device</th><th>CPU</th><th>Memory</th><th>Status</th></tr>
  <tr><td>R1</td><td>23%</td><td>45%</td><td>HEALTHY</td></tr>
  <tr><td>SW1</td><td>82%</td><td>67%</td><td>WARNING</td></tr>
</table>
<p><strong>1 WARNING</strong> — SW1 CPU at 82% (threshold: 80%)</p>
```

### Security Alert (Critical)

```html
<h3>CRITICAL — CVE Exposure Detected</h3>
<p><strong>Device:</strong> R1 (IOS-XE 17.9.4a)</p>
<p><strong>CVE-2023-20198</strong> (CVSS 10.0) — Web UI privilege escalation</p>
<p><strong>Exposure:</strong> CONFIRMED — ip http server enabled</p>
<p><strong>Action Required:</strong> Disable ip http server or upgrade immediately</p>
```

### Change Completion

```html
<h3>Change Complete — CHG0012345</h3>
<p><strong>Target:</strong> R1 — Add Loopback99 (99.99.99.99/32)</p>
<p><strong>Status:</strong> SUCCESS — verified, CR closed</p>
<p><strong>GAIT Branch:</strong> config-r1-loopback99-2026-02-22</p>
```

### Topology Diagram Share

```html
<h3>Updated Network Topology</h3>
<p>Campus physical topology regenerated from CDP/LLDP discovery.</p>
<p><strong>Devices:</strong> 4 | <strong>Links:</strong> 6 | <strong>Changes:</strong> +1 new link (R2-SW2)</p>
<p><a href="https://contoso.sharepoint.com/sites/neteng/Topology/campus-physical-2026-02-22.vsdx">Open in Visio</a></p>
```

## When to Use

- **Health alerts** — Post health check results with severity-coded summaries
- **Security notifications** — Alert on CVE exposure, failed security audits, or posture violations
- **Change updates** — Notify the team when changes are completed, failed, or rolled back
- **Incident updates** — Post investigation progress and resolution to incident channels
- **Report delivery** — Share audit reports, reconciliation results, and compliance summaries
- **Diagram sharing** — Post links to updated Visio topology diagrams on SharePoint

## Channel Mapping

Map Teams channels to NetClaw notification types:

```
### Teams Channel Map (configure in TOOLS.md)
- #netclaw-alerts     → P1/P2 critical alerts, CVE exposure
- #netclaw-reports    → Health reports, audit results, reconciliation
- #netclaw-changes    → Change request updates, completion notices
- #network-general    → P3/P4 notifications, topology updates
- #incidents          → Active incident investigation threads
```

## Integration with Other Skills

- **pyats-health-check** — Post health check summaries to Teams
- **pyats-security** — Alert on CVE exposure and failed security audits
- **netbox-reconcile** — Post drift detection results to Teams
- **servicenow-change-workflow** — Notify on CR creation, approval, completion
- **ise-incident-response** — Post investigation progress to incident channels
- **msgraph-visio** — Share Visio diagram links in Teams channels
- **msgraph-files** — Reference SharePoint file links in Teams messages
- **gait-session-tracking** — Record Teams notifications in audit trail

## Rules

1. **Never post credentials or secrets** to Teams channels
2. **Always include severity level** in alert messages
3. **Thread incident updates** — reply to the original message, don't create new top-level posts
4. **Respect channel purpose** — alerts go to alert channels, reports go to report channels
5. **Include actionable context** — every alert should say what happened and what to do next

## GAIT Audit Trail

Record Teams notifications in GAIT:

```bash
python3 $MCP_CALL "python3 -u $GAIT_MCP_SCRIPT" gait_record_turn '{"input":{"role":"assistant","content":"Posted fleet health report to Teams #netclaw-reports channel. 4 devices assessed: 3 HEALTHY, 1 WARNING (SW1 CPU 82%). Included table with CPU, memory, and interface status per device.","artifacts":[]}}'
```

More from automateyournetwork/netclaw

Skill	Description
aap-automation	Red Hat Ansible Automation Platform — inventory management, job template execution, project SCM sync, ad-hoc commands, host management, Galaxy content discovery. Use when automating infrastructure with Ansible, running playbooks, managing inventories, or searching for Ansible collections and roles.
aap-eda	Event-Driven Ansible (EDA) — activation lifecycle, rulebook management, decision environments, event stream monitoring. Use when managing event-driven automation triggers, enabling/disabling activations, or reviewing EDA rulebooks.
aap-lint	ansible-lint playbook and role validation — syntax checking, best practice enforcement, project-wide analysis, rule filtering. Use when validating Ansible playbooks, checking code quality, or enforcing automation best practices before deployment.
aci-change-deploy	Safe ACI policy change deployment - ServiceNow CR lifecycle, pre/post-change fault baselines, APIC policy application, automatic rollback on fault delta, and GAIT audit trail. Use when deploying ACI policy changes, creating tenants or EPGs, pushing config to APIC, or running a change window with rollback protection.
aci-fabric-audit	Comprehensive Cisco ACI fabric health audit - node status, tenant/VRF/BD/EPG policy review, contract analysis, fault triage, and endpoint learning verification. Use when auditing ACI fabric health, checking for faults, reviewing tenant policies, or running pre/post-change baselines on APIC.
arista-cvp	Arista CloudVision Portal (CVP) automation via REST API — device inventory, events, connectivity monitoring, tag management (4 tools). Use when managing Arista devices, checking CloudVision events, monitoring network connectivity probes, or tagging devices in CVP.
aruba-cx-config	View and manage Aruba CX switch configurations, perform ISSU upgrades, and firmware operations
aruba-cx-interfaces	Monitor Aruba CX switch interface status, LLDP neighbors, and optical transceiver health
aruba-cx-switching	View and manage Aruba CX switch VLANs and MAC address tables for Layer 2 operations
aruba-cx-system	Discover Aruba CX switch system information, firmware versions, and VSF topology