Skip to content
Rush Commerce
AI & Automation3 min read

Claude can now send your email: govern AI write access

Claude's new Microsoft 365 write tools let it send email and edit OneDrive/SharePoint files. The operator question isn't can it — it's what should it touch.

Until recently, your AI assistant could read your inbox and your files. Now it can act on them. Anthropic just enabled Microsoft 365 write tools for Claude — meaning Claude can draft and send email, manage your calendar, change mailbox settings, and create and update files in OneDrive and SharePoint. That's a real jump. Read-only mistakes are embarrassing; write mistakes go out the door with your name on them. The move is useful, but it turns a quiet question into an urgent one: what, exactly, should you let an AI touch?

What actually happened

Per Anthropic's release notes, with write tools enabled Claude can "draft, send, and organize email, manage calendar events, update mailbox settings, and create and update files in OneDrive and SharePoint." Read and search tools work as before, and Teams stays read-only for now. The guardrail that matters: organizations must grant admin consent before any member can use these capabilities. It's off by default, and turning it on is a deliberate act.

This lands alongside a broader push — Claude Cowork moving to web and mobile with background and scheduled work, and Claude Code driving a real browser. The direction is unmistakable: these tools are shifting from things you talk to into things that do things in your systems while you're not watching.

Why it matters for your business

"Claude can send email" sounds like a feature. Operationally it's an access-control decision, and most teams will make it by accident. The right instinct isn't to flip it on for everyone or to ban it — it's to scope it. Which mailboxes? Whose calendar? Which SharePoint sites hold contracts, pricing, or customer PII you don't want an assistant rewriting on a bad prompt? Admin consent is the gate, but a gate only helps if someone decides who's allowed through.

We treat AI write access the way we treat any service account: least privilege, scoped to the specific job, logged, and reversible. An assistant that can send email should send specific email — not have a blank check on the domain. If you're rolling this out, decide the blast radius before you enable it, not after Claude has cheerfully emailed a client the wrong quote. The capability is genuinely useful for the boring, high-volume stuff; it's dangerous exactly when it's ungoverned. Same as every other agent write-path — the tool is fine, the defaults are the risk.

Key takeaways

  • Claude's new Microsoft 365 write tools let it send email, manage calendar, change mailbox settings, and edit OneDrive/SharePoint files
  • It's off until an admin grants consent — enabling it is an access-control decision, not just a feature toggle
  • Scope it like a service account: least privilege, specific mailboxes/sites, logged and reversible — not a blank check on the domain
  • Decide the blast radius before you turn it on; write mistakes leave the building with your name on them

Giving AI the keys to your email and files? We set up AI write access the safe way — scoped, logged, and least-privilege — so automation helps without going rogue. See how we scope it or talk through your rollout.

Sources: Claude release notes (Anthropic).

  • #ai-agents
  • #microsoft-365
  • #governance
  • #automation
  • #security
TR

Tommy Rush — Founder, Rush Commerce

Operator turned builder. 15+ years running operations — now shipping the systems businesses run on. More

Get The Rush Report weekly — one email, zero fluff.