OpenAdminOS for Microsoft 365 admins.
Run AI agents from your own machine, keep sensitive tenant work local with local models, and approve every Microsoft Graph change before it happens.
Pending signing.
Free and open-source. MIT licensed. github.com/OpenAdminOS/OpenAdminOS

Admin work
Agents for the work scripts do not explain.
OpenAdminOS agents read Microsoft 365 tenant data, shape the evidence, use the selected model for reasoning, and return work an admin can inspect before acting.
Investigate
Correlate tenant signals across users, devices, sign-ins, policies, and audit logs.
Explain
Turn Conditional Access, Secure Score, and posture data into admin-readable reasoning.
Prioritize
Rank stale devices, risky accounts, policy gaps, and cleanup candidates by tenant context.
Prepare changes
Generate reviewed write plans with evidence before anything touches the tenant.
Local-first by default
Run repeatable tenant work locally.
Use local models for drafts, investigations, scheduled checks, and agent runs without a per-token meter. If you choose a hosted model, the app says so before tenant data is sent.
Local models
ollama serve
Use Ollama today for private runs without per-token vendor costs.
Model choice
localhost:1234
LM Studio is planned; hosted providers stay optional.
Hosted providers
explicit egress
OpenAI, Anthropic, or Azure OpenAI are labeled before every run.
Tenant boundary
no tenant telemetry
Local runs keep tenant data, prompts, and results on this device.
Operating modes
The data boundary changes by mode.
Local and hosted model choices are not treated as cosmetic settings. Read-only and write agents also have different confirmation paths.
Local models
Local-first path: Prompts and tenant context stay on the workstation.
Hosted or write path: Optional hosted providers are labeled before tenant context is sent.
Read-only agents
Local-first path: Run investigations and reports without changing tenant state.
Hosted or write path: Use the same read-only contract, with hosted model egress disclosed.
Write agents
Local-first path: Prepare a Graph change diff and wait for approval.
Hosted or write path: Still require the same diff and typed confirmation gates.
Agent registry
Local-first path: Install from the public open registry or point to a private registry.
Hosted or write path: Registry choice does not change the write-confirmation contract.
Agent registry
Agents that investigate, explain, and prepare work.
Agents install from an open registry and can be inspected before use. Each one declares what it can access, whether it can propose changes, and which model requirements it has.
Read how the registry works
Sign-in failure explainer
Clusters failed sign-ins by user, app, policy status, device context, and location.
Declared permissions
Secure Score prioritizer
Ranks security controls by effort, user impact, category, and max-score upside.
Declared permissions
Stale guest cleanup
Builds a capped disable plan for inactive guests with per-account rationale.
Approval required
Graph permissions
Agents declare the Microsoft Graph scopes they need.
OpenAdminOS uses MSAL for Microsoft identity sign-in and Microsoft Graph for tenant data. Consent is tied to the scopes declared by the agents an admin chooses to run.
Before install
The agent manifest lists required Graph scopes, read/write mode, model requirements, settings, and connector egress before the agent is installed.
Before run
If the active tenant is missing, expired, or ambiguous, the run cannot start. If a write plan is produced, the diff gate appears before any tenant change.
For private registries
Internal registries use the same scope declaration and confirmation rules as public registry agents. The source changes; the trust contract does not.
For hosted models
Graph data selected for the prompt is labeled as egress before it is sent to a hosted provider. Local providers keep that prompt on the workstation.
Diff confirmation
Retire inactive devices
This will retire 47 devices. Type RETIRE 47 DEVICES to confirm.
Human in the loop
Changes wait for your approval.
Read-only agents can run autonomously. Any change shows a diff first, and destructive actions require typed confirmation. There is no trust-this-agent bypass.
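The gates described above (declared scopes, a diff before any change, typed confirmation for destructive actions) sketched as an added example. This is not OpenAdminOS code: the manifest and plan field names, the sample agent, and the 47 placeholder device IDs are assumptions made for illustration.

```javascript
// Added illustration: field names are hypothetical, not the OpenAdminOS manifest schema.
const deny = (reason) => ({ allowed: false, reason });

// Constructed sample manifest for a write agent.
const manifest = {
  name: "retire-inactive-devices",
  mode: "write",
  scopes: [
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
  ],
};

// Constructed sample plan: 47 placeholder device IDs.
const plan = {
  action: "retire",
  noun: "device",
  destructive: true,
  requiredScopes: ["DeviceManagementManagedDevices.PrivilegedOperations.All"],
  targets: Array.from({ length: 47 }, (_, i) => `device-${i + 1}`),
};

// The phrase is derived from the plan, so editing the plan changes what must be typed.
function confirmationPhrase(p) {
  const n = p.targets.length;
  return `${p.action} ${n} ${p.noun}${n === 1 ? "" : "s"}`.toUpperCase();
}

// Every check must pass; there is no "trusted agent" or "skip" input to this function.
function gateWritePlan(m, p, { diffShown = false, typed = "" } = {}) {
  if (m.mode !== "write") return deny("read-only agent proposed a change");
  const undeclared = p.requiredScopes.filter((s) => !m.scopes.includes(s));
  if (undeclared.length) return deny(`undeclared scope: ${undeclared.join(", ")}`);
  if (p.targets.length === 0) return deny("plan has no targets");
  if (!diffShown) return deny("diff has not been shown");
  const phrase = confirmationPhrase(p);
  if (p.destructive && typed !== phrase) return deny(`type ${phrase} to confirm`);
  return { allowed: true, reason: "approved" };
}

console.log(gateWritePlan(manifest, plan, { diffShown: true, typed: "retire 47 devices" }));
console.log(gateWritePlan(manifest, plan, { diffShown: true, typed: "RETIRE 47 DEVICES" }));
```

Because the phrase is recomputed from the plan at approval time, a phrase typed against one version of the plan does not approve a plan whose target count has since changed.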
Review the trust model
Open source
No vendor-owned agent runtime.
The app, runtime, agents, and registry contract are open from day one. Audit them, change them, or point OpenAdminOS at your own curated registry.
~/code
$ gh repo fork OpenAdminOS/OpenAdminOS --clone
✓ Cloned OpenAdminOS
$ pnpm install
✓ workspace ready
$ pnpm dev
OpenAdminOS desktop app started
MIT
Commercial-friendly license
Open runtime
Agents, desktop app, registry, and SDK
Forkable registry
Point enterprises at their own curated agents
No tenant telemetry
Tenant content does not leave by default
Common questions
Questions admins usually ask first.
These answers summarize the product boundary: desktop app, Microsoft Graph, local-first model choice, declared agent permissions, and write confirmation.
What is OpenAdminOS?
OpenAdminOS is a local-first agent runtime and open-source desktop app for Microsoft 365, Intune, and Entra administrators. It connects to a tenant through MSAL, reads tenant data through Microsoft Graph, and runs declared agent workflows from the admin's machine. Local LLM providers keep prompts and tenant context on-device; hosted providers remain optional and are labeled before data leaves the workstation.
Does OpenAdminOS send Microsoft 365 tenant data to the cloud?
Not when a local provider is selected. With Ollama or another local provider, tenant data, prompts, and run results stay on the device. If an admin chooses a hosted provider such as OpenAI, Anthropic, or Azure OpenAI, the app shows a label stating that tenant context will be sent to that provider.
Which Microsoft 365 services does it work with?
The product is built around Microsoft Graph and initially focuses on Intune and Entra administration: devices, users, groups, sign-ins, Conditional Access, compliance posture, app assignments, audit logs, and related tenant signals.
What Microsoft Graph permissions do agents need?
Each agent declares its required Graph scopes in its manifest. OpenAdminOS shows those scopes before install and before consent, so admins can see what an agent can read or propose changing before it runs.
What happens before a write agent changes my tenant?
Write agents always pause at a diff confirmation screen. Destructive operations require typed confirmation. There is no trust-this-agent bypass and no skip toggle for write operations.
Can I use a private agent registry?
Yes. Enterprises can point OpenAdminOS at their own curated registry instead of using only the public community registry. Agents still use the same manifest, scope declaration, and write-confirmation rules.
Which LLM providers are supported?
Ollama is the local provider path available today. LM Studio is planned. Hosted providers such as OpenAI, Anthropic, and Azure OpenAI are optional and are treated as a different trust boundary in the UI.
Is OpenAdminOS affiliated with Microsoft?
No. OpenAdminOS is an independent open-source project. Microsoft 365, Intune, Entra, and Microsoft Graph are Microsoft trademarks and are referenced only to describe compatibility and administration targets.
Run tenant agents on your terms.
Use local models when privacy, repeatability, or cost matters. Use hosted models when you choose to. Either way, OpenAdminOS keeps tenant work inspectable and changes gated.