Claude Can Now Send Your Email. Should It?

Claude just got write access to Microsoft 365 — email, calendar, SharePoint. Here's the governance checklist every IT leader needs before enabling it.

By Rajesh Beri·July 8, 2026·9 min read
Share:
THE DAILY BRIEF
Enterprise AIMicrosoft 365Claude EnterpriseAI GovernanceAnthropic
Claude Can Now Send Your Email. Should It?

Claude just got write access to Microsoft 365 — email, calendar, SharePoint. Here's the governance checklist every IT leader needs before enabling it.

By Rajesh Beri·July 8, 2026·9 min read

For four years, AI assistants in the enterprise were observers. They could read your email. Search your calendar. Summarize a SharePoint document. But they couldn't act. The data flowed one way — into the model — and humans remained in the loop for every output that left the system.

That changed on July 7, 2026.

Anthropic updated the Microsoft 365 connector for Claude Enterprise, extending it from read-only to read/write. Claude can now draft and send email, manage calendar events, update mailbox settings, and create or update files in OneDrive and SharePoint. The connector has been available for months, but until this week it was passive. Now it has hands.

This is not a minor product update. It is a governance inflection point. And most enterprise IT and security teams aren't ready for it.

What Exactly Changed — And What Didn't

The July 7 release is specific. Here's what Claude can now do through the Microsoft 365 connector when write tools are enabled:

Email: Draft, send, organize, and manage drafts. Claude can compose from scratch or work from your instructions, then send directly from your account within your existing M365 permissions.

Calendar: Create, update, and delete calendar events. Schedule meetings, set reminders, manage recurring events.

Mailbox settings: Update rules, signatures, and mailbox configurations — the administrative layer most users rarely touch manually.

OneDrive and SharePoint: Create new files, update existing ones. This includes Word documents, Excel spreadsheets, PowerPoint presentations, and raw files stored in your org's SharePoint environment.

What stays read-only: Microsoft Teams. Claude can read Teams messages and channels, but write access to Teams has not been enabled. That's a meaningful boundary — chat and collaboration streams remain human-controlled for now.

This is a meaningful scope. It covers the four core workflows that eat the most time for knowledge workers: communication, scheduling, document creation, and file management. All four can now be delegated to Claude without requiring a human to copy-paste output.

How the Permissions Architecture Works

Before your team can use write tools, two things must happen at the admin layer.

First, a Microsoft Entra administrator must consent to the updated permission set. This is not automatic — Entra admins will see a new permission request in their consent workflow that goes beyond what read-only integration required. Accepting it is a deliberate act.

Second, an organization administrator in Claude Enterprise must explicitly enable write tools for the organization. It's off by default. No user can opt in individually.

This layered approach is the right design. It mirrors how Microsoft itself handles sensitive API permissions — requiring explicit admin consent rather than user-level opt-in. But it also means the decision is being made at the admin tier, potentially without full awareness of the operational implications downstream.

There's an important nuance in how write access is scoped: Claude operates within each member's existing Microsoft 365 permissions. If a user can't send email from a shared mailbox in native M365, Claude can't do it on their behalf either. The AI does not escalate privileges. What the user can do, Claude can do. What the user can't do, Claude can't do.

That's the right constraint. But it also means your existing M365 permission model — which many organizations have not audited in years — is now the security boundary for your AI agent's write access.

The Governance Conversation You Need to Have This Week

Most enterprise security teams think about AI risk in terms of data access: what can the model see? That question is still valid. But Claude's M365 write access introduces a second category of risk that is less familiar: what can the model do?

Send-on-behalf is new territory. When Claude sends an email from your account, it is indistinguishable from an email you sent. There is no visible "sent by AI" marker in the recipient's inbox. For routine internal coordination, that's fine — and arguably better. For external communications, vendor negotiations, or anything that could create legal or contractual obligations, the question of who authorized a sent email matters.

Calendar actions have downstream effects. Claude accepting, declining, or creating meetings on behalf of an executive isn't just a convenience feature — it's a decision that affects other people's time. Organizations that use AI scheduling need to define what categories of calendar actions require human approval vs. what can be fully delegated.

SharePoint write access touches document governance. Files created or modified by Claude live in your SharePoint environment alongside files created by humans. Most organizations have document retention policies, version control requirements, and compliance workflows tied to SharePoint. AI-created documents need to be captured by those policies — and many organizations have not updated their governance frameworks to account for AI authorship.

The permission audit you've been deferring just became urgent. Because Claude's write access is bounded by existing M365 permissions, your current permission model is the effective security boundary. Orphaned accounts, overly permissive service accounts, and users with access they've accumulated over years but no longer need — these are now vectors for AI-amplified action, not just data exposure.

The Business Case Is Real and Measurable

The governance conversation is necessary. But so is the value conversation.

The workflows that Claude's M365 write access automates are not trivial. They are the workflows that consume two to four hours per day for most knowledge workers. According to McKinsey Global Institute research, email management alone consumes 28% of the average knowledge worker's day — roughly 2.6 hours of a standard workday. Calendar management and document creation add another 60 to 90 minutes combined.

That is the addressable opportunity. If Claude handles first drafts of routine correspondence, meeting scheduling, and standard document creation, the productivity impact is measurable in reclaimed hours — not in marginal efficiency gains.

The model is already familiar with your communication context through the read tools that have been available since launch. It can reference previous email threads, check your calendar for conflicts before scheduling, and pull from SharePoint documents when drafting responses. Write access completes the loop. The research and the action now happen in the same session.

For CFOs evaluating the cost of Claude Enterprise licenses, this is the ROI story: time recaptured from inbox management and calendar tetris, reallocated to higher-value work. The math is not complicated once you quantify the hours.

Claude Cowork Goes Everywhere — Including Mobile

The M365 write tools announcement landed alongside a second update that deserves equal attention: Claude Cowork is now available on web and mobile, not just desktop.

This matters for enterprise deployment in two specific ways.

First, Cowork sessions now run remotely. Your session — including files, context, and in-progress work — persists across devices. Close your laptop and open your phone; the session continues. Scheduled tasks run even when no device is online. For organizations where Claude is handling background work — processing documents, drafting reports, managing emails overnight — this removes the dependency on a device remaining active.

Second, Chat and Cowork now share a unified home. Projects and artifacts appear in one place regardless of whether they were created through a chat session or a Cowork session. For enterprise users managing multiple active projects, this reduces the cognitive overhead of switching between modes.

The rollout is phased — starting with Max plan users over the next several weeks, with more plans to follow.

On the same day, Anthropic launched a public beta of Claude Code and Claude Cowork in Claude for Government Desktop. This is built on the same application as the commercial product and delivered through a FedRAMP High authorized environment.

For public sector CIOs and CTOs, the specifics are significant. Agencies can tie AI spend to appropriated funds through standard seats or custom seat tiers with hard not-to-exceed caps. Department-level administrators can allocate seats and usage to sub-agencies. Every administrative action is recorded in a hash-chained audit log. FedRAMP High authorization means the environment meets the compliance bar required for federal agency ATO processes.

This is Anthropic's signal that the government market is a serious revenue target — not a future consideration. Claude Code in a FedRAMP High environment gives public sector development teams access to AI-assisted software development under the compliance framework they require. It also means the competitive conversation for government AI contracts now explicitly includes Anthropic alongside Microsoft Copilot for Government and Google Workspace for Government.

What Technical Leaders Should Do Before Enabling Write Tools

A structured approach is better than a rush to enable:

Audit M365 permissions first. Before enabling write tools, run an access review on your Microsoft 365 environment. Identify accounts with broader permissions than their role requires. Close gaps before the AI can traverse them.

Define a write-tools policy in advance. Decide which categories of actions are pre-approved for AI delegation vs. which require a human checkpoint. Email to internal colleagues may be different from email to external parties. Document creation in a project SharePoint may be different from document creation in a compliance-sensitive library.

Enable in a pilot cohort. Anthropic has designed the controls to allow org-level enable/disable. Consider enabling write tools for a defined pilot group — ideally power users in a non-regulated function — before broad rollout. Observe usage patterns and audit logs before expanding.

Communicate to end users. People in your organization should understand when Claude is acting on someone's behalf. This is both a trust issue and a practical one: recipients of AI-drafted emails deserve to interact with communication that accurately represents the sender's intent, not a hallucinated approximation of it.

Review your Microsoft Entra consent carefully. The Entra admin consent step is a meaningful permission grant. Read the permission set before accepting. Understand what delegated access you are granting at the organizational level.

The Bigger Picture

What Anthropic released on July 7 is not a feature. It is a posture change.

The read-only AI assistant was a tool you consulted. The read/write AI agent is a tool you delegate to. Those are fundamentally different relationships, with different governance requirements, different audit expectations, and different accountability frameworks.

The organizations that deploy Claude's M365 write access well will do it deliberately — with clear policies, audited permissions, and well-defined human checkpoints for high-stakes actions. The organizations that rush will discover that AI write access amplifies both productivity and errors at the same scale.

The capability is here. The governance frameworks are not yet standard. That gap is where the risk lives — and where the opportunity for IT leaders to get ahead of it exists.

For enterprise teams deploying Claude Enterprise with M365 integration, the question is not whether to enable write tools. The question is whether your permission architecture, your communication policies, and your AI governance framework are ready for what enabling them means.

If the answer is yes, the productivity case is compelling. If the answer is not yet, the path to yes is a governance conversation, not a technical one.


Continue Reading

THE DAILY BRIEF

Enterprise AI insights for technology and business leaders, twice weekly.

beri.net

Subscribe at beri.net/subscribe for twice-weekly AI insights delivered to your inbox.

LinkedIn: linkedin.com/in/rberi  |  X: x.com/rajeshberi

© 2026 Rajesh Beri. All rights reserved.

Claude Can Now Send Your Email. Should It?

Photo by Julia M Cameron on Pexels

For four years, AI assistants in the enterprise were observers. They could read your email. Search your calendar. Summarize a SharePoint document. But they couldn't act. The data flowed one way — into the model — and humans remained in the loop for every output that left the system.

That changed on July 7, 2026.

Anthropic updated the Microsoft 365 connector for Claude Enterprise, extending it from read-only to read/write. Claude can now draft and send email, manage calendar events, update mailbox settings, and create or update files in OneDrive and SharePoint. The connector has been available for months, but until this week it was passive. Now it has hands.

This is not a minor product update. It is a governance inflection point. And most enterprise IT and security teams aren't ready for it.

What Exactly Changed — And What Didn't

The July 7 release is specific. Here's what Claude can now do through the Microsoft 365 connector when write tools are enabled:

Email: Draft, send, organize, and manage drafts. Claude can compose from scratch or work from your instructions, then send directly from your account within your existing M365 permissions.

Calendar: Create, update, and delete calendar events. Schedule meetings, set reminders, manage recurring events.

Mailbox settings: Update rules, signatures, and mailbox configurations — the administrative layer most users rarely touch manually.

OneDrive and SharePoint: Create new files, update existing ones. This includes Word documents, Excel spreadsheets, PowerPoint presentations, and raw files stored in your org's SharePoint environment.

What stays read-only: Microsoft Teams. Claude can read Teams messages and channels, but write access to Teams has not been enabled. That's a meaningful boundary — chat and collaboration streams remain human-controlled for now.

This is a meaningful scope. It covers the four core workflows that eat the most time for knowledge workers: communication, scheduling, document creation, and file management. All four can now be delegated to Claude without requiring a human to copy-paste output.

How the Permissions Architecture Works

Before your team can use write tools, two things must happen at the admin layer.

First, a Microsoft Entra administrator must consent to the updated permission set. This is not automatic — Entra admins will see a new permission request in their consent workflow that goes beyond what read-only integration required. Accepting it is a deliberate act.

Second, an organization administrator in Claude Enterprise must explicitly enable write tools for the organization. It's off by default. No user can opt in individually.

This layered approach is the right design. It mirrors how Microsoft itself handles sensitive API permissions — requiring explicit admin consent rather than user-level opt-in. But it also means the decision is being made at the admin tier, potentially without full awareness of the operational implications downstream.

There's an important nuance in how write access is scoped: Claude operates within each member's existing Microsoft 365 permissions. If a user can't send email from a shared mailbox in native M365, Claude can't do it on their behalf either. The AI does not escalate privileges. What the user can do, Claude can do. What the user can't do, Claude can't do.

That's the right constraint. But it also means your existing M365 permission model — which many organizations have not audited in years — is now the security boundary for your AI agent's write access.

The Governance Conversation You Need to Have This Week

Most enterprise security teams think about AI risk in terms of data access: what can the model see? That question is still valid. But Claude's M365 write access introduces a second category of risk that is less familiar: what can the model do?

Send-on-behalf is new territory. When Claude sends an email from your account, it is indistinguishable from an email you sent. There is no visible "sent by AI" marker in the recipient's inbox. For routine internal coordination, that's fine — and arguably better. For external communications, vendor negotiations, or anything that could create legal or contractual obligations, the question of who authorized a sent email matters.

Calendar actions have downstream effects. Claude accepting, declining, or creating meetings on behalf of an executive isn't just a convenience feature — it's a decision that affects other people's time. Organizations that use AI scheduling need to define what categories of calendar actions require human approval vs. what can be fully delegated.

SharePoint write access touches document governance. Files created or modified by Claude live in your SharePoint environment alongside files created by humans. Most organizations have document retention policies, version control requirements, and compliance workflows tied to SharePoint. AI-created documents need to be captured by those policies — and many organizations have not updated their governance frameworks to account for AI authorship.

The permission audit you've been deferring just became urgent. Because Claude's write access is bounded by existing M365 permissions, your current permission model is the effective security boundary. Orphaned accounts, overly permissive service accounts, and users with access they've accumulated over years but no longer need — these are now vectors for AI-amplified action, not just data exposure.

The Business Case Is Real and Measurable

The governance conversation is necessary. But so is the value conversation.

The workflows that Claude's M365 write access automates are not trivial. They are the workflows that consume two to four hours per day for most knowledge workers. According to McKinsey Global Institute research, email management alone consumes 28% of the average knowledge worker's day — roughly 2.6 hours of a standard workday. Calendar management and document creation add another 60 to 90 minutes combined.

That is the addressable opportunity. If Claude handles first drafts of routine correspondence, meeting scheduling, and standard document creation, the productivity impact is measurable in reclaimed hours — not in marginal efficiency gains.

The model is already familiar with your communication context through the read tools that have been available since launch. It can reference previous email threads, check your calendar for conflicts before scheduling, and pull from SharePoint documents when drafting responses. Write access completes the loop. The research and the action now happen in the same session.

For CFOs evaluating the cost of Claude Enterprise licenses, this is the ROI story: time recaptured from inbox management and calendar tetris, reallocated to higher-value work. The math is not complicated once you quantify the hours.

Claude Cowork Goes Everywhere — Including Mobile

The M365 write tools announcement landed alongside a second update that deserves equal attention: Claude Cowork is now available on web and mobile, not just desktop.

This matters for enterprise deployment in two specific ways.

First, Cowork sessions now run remotely. Your session — including files, context, and in-progress work — persists across devices. Close your laptop and open your phone; the session continues. Scheduled tasks run even when no device is online. For organizations where Claude is handling background work — processing documents, drafting reports, managing emails overnight — this removes the dependency on a device remaining active.

Second, Chat and Cowork now share a unified home. Projects and artifacts appear in one place regardless of whether they were created through a chat session or a Cowork session. For enterprise users managing multiple active projects, this reduces the cognitive overhead of switching between modes.

The rollout is phased — starting with Max plan users over the next several weeks, with more plans to follow.

On the same day, Anthropic launched a public beta of Claude Code and Claude Cowork in Claude for Government Desktop. This is built on the same application as the commercial product and delivered through a FedRAMP High authorized environment.

For public sector CIOs and CTOs, the specifics are significant. Agencies can tie AI spend to appropriated funds through standard seats or custom seat tiers with hard not-to-exceed caps. Department-level administrators can allocate seats and usage to sub-agencies. Every administrative action is recorded in a hash-chained audit log. FedRAMP High authorization means the environment meets the compliance bar required for federal agency ATO processes.

This is Anthropic's signal that the government market is a serious revenue target — not a future consideration. Claude Code in a FedRAMP High environment gives public sector development teams access to AI-assisted software development under the compliance framework they require. It also means the competitive conversation for government AI contracts now explicitly includes Anthropic alongside Microsoft Copilot for Government and Google Workspace for Government.

What Technical Leaders Should Do Before Enabling Write Tools

A structured approach is better than a rush to enable:

Audit M365 permissions first. Before enabling write tools, run an access review on your Microsoft 365 environment. Identify accounts with broader permissions than their role requires. Close gaps before the AI can traverse them.

Define a write-tools policy in advance. Decide which categories of actions are pre-approved for AI delegation vs. which require a human checkpoint. Email to internal colleagues may be different from email to external parties. Document creation in a project SharePoint may be different from document creation in a compliance-sensitive library.

Enable in a pilot cohort. Anthropic has designed the controls to allow org-level enable/disable. Consider enabling write tools for a defined pilot group — ideally power users in a non-regulated function — before broad rollout. Observe usage patterns and audit logs before expanding.

Communicate to end users. People in your organization should understand when Claude is acting on someone's behalf. This is both a trust issue and a practical one: recipients of AI-drafted emails deserve to interact with communication that accurately represents the sender's intent, not a hallucinated approximation of it.

Review your Microsoft Entra consent carefully. The Entra admin consent step is a meaningful permission grant. Read the permission set before accepting. Understand what delegated access you are granting at the organizational level.

The Bigger Picture

What Anthropic released on July 7 is not a feature. It is a posture change.

The read-only AI assistant was a tool you consulted. The read/write AI agent is a tool you delegate to. Those are fundamentally different relationships, with different governance requirements, different audit expectations, and different accountability frameworks.

The organizations that deploy Claude's M365 write access well will do it deliberately — with clear policies, audited permissions, and well-defined human checkpoints for high-stakes actions. The organizations that rush will discover that AI write access amplifies both productivity and errors at the same scale.

The capability is here. The governance frameworks are not yet standard. That gap is where the risk lives — and where the opportunity for IT leaders to get ahead of it exists.

For enterprise teams deploying Claude Enterprise with M365 integration, the question is not whether to enable write tools. The question is whether your permission architecture, your communication policies, and your AI governance framework are ready for what enabling them means.

If the answer is yes, the productivity case is compelling. If the answer is not yet, the path to yes is a governance conversation, not a technical one.


Continue Reading

Share:
THE DAILY BRIEF
Enterprise AIMicrosoft 365Claude EnterpriseAI GovernanceAnthropic
Claude Can Now Send Your Email. Should It?

Claude just got write access to Microsoft 365 — email, calendar, SharePoint. Here's the governance checklist every IT leader needs before enabling it.

By Rajesh Beri·July 8, 2026·9 min read

For four years, AI assistants in the enterprise were observers. They could read your email. Search your calendar. Summarize a SharePoint document. But they couldn't act. The data flowed one way — into the model — and humans remained in the loop for every output that left the system.

That changed on July 7, 2026.

Anthropic updated the Microsoft 365 connector for Claude Enterprise, extending it from read-only to read/write. Claude can now draft and send email, manage calendar events, update mailbox settings, and create or update files in OneDrive and SharePoint. The connector has been available for months, but until this week it was passive. Now it has hands.

This is not a minor product update. It is a governance inflection point. And most enterprise IT and security teams aren't ready for it.

What Exactly Changed — And What Didn't

The July 7 release is specific. Here's what Claude can now do through the Microsoft 365 connector when write tools are enabled:

Email: Draft, send, organize, and manage drafts. Claude can compose from scratch or work from your instructions, then send directly from your account within your existing M365 permissions.

Calendar: Create, update, and delete calendar events. Schedule meetings, set reminders, manage recurring events.

Mailbox settings: Update rules, signatures, and mailbox configurations — the administrative layer most users rarely touch manually.

OneDrive and SharePoint: Create new files, update existing ones. This includes Word documents, Excel spreadsheets, PowerPoint presentations, and raw files stored in your org's SharePoint environment.

What stays read-only: Microsoft Teams. Claude can read Teams messages and channels, but write access to Teams has not been enabled. That's a meaningful boundary — chat and collaboration streams remain human-controlled for now.

This is a meaningful scope. It covers the four core workflows that eat the most time for knowledge workers: communication, scheduling, document creation, and file management. All four can now be delegated to Claude without requiring a human to copy-paste output.

How the Permissions Architecture Works

Before your team can use write tools, two things must happen at the admin layer.

First, a Microsoft Entra administrator must consent to the updated permission set. This is not automatic — Entra admins will see a new permission request in their consent workflow that goes beyond what read-only integration required. Accepting it is a deliberate act.

Second, an organization administrator in Claude Enterprise must explicitly enable write tools for the organization. It's off by default. No user can opt in individually.

This layered approach is the right design. It mirrors how Microsoft itself handles sensitive API permissions — requiring explicit admin consent rather than user-level opt-in. But it also means the decision is being made at the admin tier, potentially without full awareness of the operational implications downstream.

There's an important nuance in how write access is scoped: Claude operates within each member's existing Microsoft 365 permissions. If a user can't send email from a shared mailbox in native M365, Claude can't do it on their behalf either. The AI does not escalate privileges. What the user can do, Claude can do. What the user can't do, Claude can't do.

That's the right constraint. But it also means your existing M365 permission model — which many organizations have not audited in years — is now the security boundary for your AI agent's write access.

The Governance Conversation You Need to Have This Week

Most enterprise security teams think about AI risk in terms of data access: what can the model see? That question is still valid. But Claude's M365 write access introduces a second category of risk that is less familiar: what can the model do?

Send-on-behalf is new territory. When Claude sends an email from your account, it is indistinguishable from an email you sent. There is no visible "sent by AI" marker in the recipient's inbox. For routine internal coordination, that's fine — and arguably better. For external communications, vendor negotiations, or anything that could create legal or contractual obligations, the question of who authorized a sent email matters.

Calendar actions have downstream effects. Claude accepting, declining, or creating meetings on behalf of an executive isn't just a convenience feature — it's a decision that affects other people's time. Organizations that use AI scheduling need to define what categories of calendar actions require human approval vs. what can be fully delegated.

SharePoint write access touches document governance. Files created or modified by Claude live in your SharePoint environment alongside files created by humans. Most organizations have document retention policies, version control requirements, and compliance workflows tied to SharePoint. AI-created documents need to be captured by those policies — and many organizations have not updated their governance frameworks to account for AI authorship.

The permission audit you've been deferring just became urgent. Because Claude's write access is bounded by existing M365 permissions, your current permission model is the effective security boundary. Orphaned accounts, overly permissive service accounts, and users with access they've accumulated over years but no longer need — these are now vectors for AI-amplified action, not just data exposure.

The Business Case Is Real and Measurable

The governance conversation is necessary. But so is the value conversation.

The workflows that Claude's M365 write access automates are not trivial. They are the workflows that consume two to four hours per day for most knowledge workers. According to McKinsey Global Institute research, email management alone consumes 28% of the average knowledge worker's day — roughly 2.6 hours of a standard workday. Calendar management and document creation add another 60 to 90 minutes combined.

That is the addressable opportunity. If Claude handles first drafts of routine correspondence, meeting scheduling, and standard document creation, the productivity impact is measurable in reclaimed hours — not in marginal efficiency gains.

The model is already familiar with your communication context through the read tools that have been available since launch. It can reference previous email threads, check your calendar for conflicts before scheduling, and pull from SharePoint documents when drafting responses. Write access completes the loop. The research and the action now happen in the same session.

For CFOs evaluating the cost of Claude Enterprise licenses, this is the ROI story: time recaptured from inbox management and calendar tetris, reallocated to higher-value work. The math is not complicated once you quantify the hours.

Claude Cowork Goes Everywhere — Including Mobile

The M365 write tools announcement landed alongside a second update that deserves equal attention: Claude Cowork is now available on web and mobile, not just desktop.

This matters for enterprise deployment in two specific ways.

First, Cowork sessions now run remotely. Your session — including files, context, and in-progress work — persists across devices. Close your laptop and open your phone; the session continues. Scheduled tasks run even when no device is online. For organizations where Claude is handling background work — processing documents, drafting reports, managing emails overnight — this removes the dependency on a device remaining active.

Second, Chat and Cowork now share a unified home. Projects and artifacts appear in one place regardless of whether they were created through a chat session or a Cowork session. For enterprise users managing multiple active projects, this reduces the cognitive overhead of switching between modes.

The rollout is phased — starting with Max plan users over the next several weeks, with more plans to follow.

On the same day, Anthropic launched a public beta of Claude Code and Claude Cowork in Claude for Government Desktop. This is built on the same application as the commercial product and delivered through a FedRAMP High authorized environment.

For public sector CIOs and CTOs, the specifics are significant. Agencies can tie AI spend to appropriated funds through standard seats or custom seat tiers with hard not-to-exceed caps. Department-level administrators can allocate seats and usage to sub-agencies. Every administrative action is recorded in a hash-chained audit log. FedRAMP High authorization means the environment meets the compliance bar required for federal agency ATO processes.

This is Anthropic's signal that the government market is a serious revenue target — not a future consideration. Claude Code in a FedRAMP High environment gives public sector development teams access to AI-assisted software development under the compliance framework they require. It also means the competitive conversation for government AI contracts now explicitly includes Anthropic alongside Microsoft Copilot for Government and Google Workspace for Government.

What Technical Leaders Should Do Before Enabling Write Tools

A structured approach is better than a rush to enable:

Audit M365 permissions first. Before enabling write tools, run an access review on your Microsoft 365 environment. Identify accounts with broader permissions than their role requires. Close gaps before the AI can traverse them.

Define a write-tools policy in advance. Decide which categories of actions are pre-approved for AI delegation vs. which require a human checkpoint. Email to internal colleagues may be different from email to external parties. Document creation in a project SharePoint may be different from document creation in a compliance-sensitive library.

Enable in a pilot cohort. Anthropic has designed the controls to allow org-level enable/disable. Consider enabling write tools for a defined pilot group — ideally power users in a non-regulated function — before broad rollout. Observe usage patterns and audit logs before expanding.

Communicate to end users. People in your organization should understand when Claude is acting on someone's behalf. This is both a trust issue and a practical one: recipients of AI-drafted emails deserve to interact with communication that accurately represents the sender's intent, not a hallucinated approximation of it.

Review your Microsoft Entra consent carefully. The Entra admin consent step is a meaningful permission grant. Read the permission set before accepting. Understand what delegated access you are granting at the organizational level.

The Bigger Picture

What Anthropic released on July 7 is not a feature. It is a posture change.

The read-only AI assistant was a tool you consulted. The read/write AI agent is a tool you delegate to. Those are fundamentally different relationships, with different governance requirements, different audit expectations, and different accountability frameworks.

The organizations that deploy Claude's M365 write access well will do it deliberately — with clear policies, audited permissions, and well-defined human checkpoints for high-stakes actions. The organizations that rush will discover that AI write access amplifies both productivity and errors at the same scale.

The capability is here. The governance frameworks are not yet standard. That gap is where the risk lives — and where the opportunity for IT leaders to get ahead of it exists.

For enterprise teams deploying Claude Enterprise with M365 integration, the question is not whether to enable write tools. The question is whether your permission architecture, your communication policies, and your AI governance framework are ready for what enabling them means.

If the answer is yes, the productivity case is compelling. If the answer is not yet, the path to yes is a governance conversation, not a technical one.


Continue Reading

THE DAILY BRIEF

Enterprise AI insights for technology and business leaders, twice weekly.

beri.net

Subscribe at beri.net/subscribe for twice-weekly AI insights delivered to your inbox.

LinkedIn: linkedin.com/in/rberi  |  X: x.com/rajeshberi

© 2026 Rajesh Beri. All rights reserved.

Frequently Asked Questions

What can Claude do with Microsoft 365 write access?

With write tools enabled, Claude can draft and send email, manage drafts, create/update/delete calendar events, change mailbox settings (rules, signatures, auto-replies), and create or update files in OneDrive and SharePoint. Microsoft Teams stays read-only, and every action runs within each user's existing M365 permissions.

How do you enable Claude's M365 write tools?

It takes two deliberate admin steps. A Microsoft Entra administrator must consent to the updated permission set, and a Claude organization administrator must explicitly turn on write tools for the organization. Write tools are off by default, and individual users cannot opt in on their own.

Does Claude escalate permissions when it sends email or edits files?

No. Claude operates strictly within each member's existing Microsoft 365 permissions. If a user cannot perform an action natively in M365, Claude cannot do it on their behalf. Your current M365 permission model is therefore the effective security boundary for AI write access, which is why an access review should come first.

Newsletter

Stay Ahead of the Curve

Weekly enterprise AI insights for technology leaders. No spam, no vendor pitches—unsubscribe anytime.

Subscribe