Enterprise

Zero credentials.
Zero cloud.
Zero IT tickets.

Give your team AI-powered access to Mail, Calendar, Teams, and OneDrive — without a single API key, OAuth flow, or approval process. Data never leaves each Mac.

🔒No cloud API keys — ever

🇪🇺GDPR-compliant by architecture

📁OneDrive folder scoping

🏢MDM-deployable (Jamf · Kandji)

📋Per-tool disable & read-only mode(Q2 2026)

📄Audit log for compliance teams(Q2 2026)

Start a 30-machine pilot →Download GDPR review packet

The problem

Why AI tools stall in enterprise

Most AI productivity tools require cloud API access, OAuth approvals, and token management. That means months of IT backlog before your team gets value.

⏳

API approvals take months

Graph API, Gmail OAuth, Exchange connector — each one requires a security review, a DPA, and sign-off from 3 teams. Your team waits.

☁️

Cloud tools create data residency risk

Sending emails and calendar events to a third-party cloud server triggers GDPR Article 28 obligations, cross-border transfer rules, and DLP exceptions.

🔑

Token management doesn't scale

OAuth tokens expire, scopes drift, and leaked credentials become incidents. Managing API keys across 50 machines is a full-time job.

Enterprise controls

Enterprise controls, built for IT

Core controls are live today. Governance features like per-tool disable and audit log ship Q2 2026 — join a pilot to get early access.

Available now

📁

OneDrive folder scoping

Restrict OneDrive access to specific folders per user or team. Agents see only what each role needs — no blanket access to the entire drive.

🔒

No credentials ever

LMCP reads macOS native frameworks — EventKit, CNContactStore, Outlook COM, Teams IPC. No OAuth tokens, no API keys, no secrets to rotate or leak.

Coming Q2 2026

🏢

M365 directory search

Query your enterprise Global Address List (GAL) via Microsoft Graph. Resolve first-name-only references in meeting notes to full names, titles, departments, and org hierarchy — no IT admin approval required for personal-scope queries.

🔧

Per-tool disable

Block any tool organization-wide with a single config flag. Restrict agents to read-only mail, disable file writes, or turn off Teams messaging — without touching each machine.

👁️

Read-only mode

Lock the entire installation to read-only. AI agents can query Mail, Calendar, Contacts, and Teams — but cannot send, create, or modify anything.

📋

Audit log

Every tool call is logged locally with timestamp, tool name, and input summary. Readable by your SIEM or compliance team via structured JSON.

⚙️

Config profiles

Deploy named profiles for different roles — Engineering (full access), Legal (read-only), Support (mail + calendar only). Push via Jamf or Kandji plist.

📁

Chandra

Digital Strategy Lead

VML

“We couldn’t get Graph API approval for 4 months. Our legal team flagged every cloud connector as a data residency issue. With LMCP, I scoped OneDrive access to just our campaign folders and got it through security review in a week. No credentials, no IT tickets, no waiting.”

💡

OneDrive folder scoping in practice

Set onedrive_scopes in your config to restrict agents to specific folders only. Agents can read, list, and search within scope — and cannot access anything outside it.

Compliance

Data never leaves
the Mac.

LMCP reads macOS native frameworks directly — no network calls, no cloud relay, no third-party processors. Your GDPR and SOC 2 posture is satisfied by architecture, not by contract.

No DPA required — No third-party data processor — no Article 28 obligation.

Zero data retention — Nothing stored between requests. No logs leave the device.

No cross-border transfer — Data never traverses a network. Fully Article 44 compliant.

Right to erasure is automatic — Delete the app — all processing stops instantly.

Works with existing DLP — Runs inside your existing macOS MDM and DLP perimeter.

SOC 2 Type II posture — On-device architecture eliminates cloud control surface.

Architecture comparison

Cloud-connected AI tools

Your Mac→Cloud API→AI Model

Your data leaves the device. DPA required. Transfer risk.

LMCP

Your Mac→LMCP (local)→AI Model

Data read locally. AI model only sees what you ask. Nothing stored.

✓ GDPR Article 5 · Article 28 · Article 44 compliant

Deployment

Live on your fleet in under 2 hours

Signed pkg, MDM-ready plist, TCC pre-approval. Works with Jamf Pro, Kandji, and any MDM that supports macOS package deployment.

Package via Jamf or Kandji

Download the signed .pkg from local-mcp.com/download. Create a Jamf Policy or Kandji Library Item targeting your macOS fleet.

Push your config profile

Deploy a managed plist at ~/Library/Application Support/Local MCP/config.json. Set onedrive_scopes and other policy keys per your role requirements.

Approve TCC permissions centrally

Use your MDM Privacy Preferences Policy to pre-approve Mail, Calendar, and Contacts access. No per-user prompts.

Configure your AI client

Add the MCP server entry to Claude Desktop, Cursor, or VS Code settings. Each machine connects to its local LMCP instance — nothing shared, nothing central.

Config templates

Deploy now, grow into Q2 controls

OneDrive scoping is live. Full per-tool and audit config ships Q2 2026 — pilot customers get early access.

Today — OneDrive scopingAvailable now

{
  "onedrive_scopes": [
    "Work Documents",
    "Shared/Team Projects"
  ]
}

Full EnterpriseQ2 2026

{
  "read_only_mode": false,
  "audit_log": true,
  "disabled_tools": [],
  "onedrive_scopes": ["Work Documents",
    "Shared/Team Projects"]
}

GDPR Strict / RegulatedQ2 2026

{
  "read_only_mode": true,
  "audit_log": true,
  "disabled_tools": ["send_email",
    "onedrive_delete_file"],
  "onedrive_scopes": []
}

Zero credentials.Zero cloud.Zero IT tickets.