Skip to content

MCP Server

Let your AI assistant work the fleet — under the same governance as your team.

MCP AI Clients Tool Access Scoped Actions Governance
17
MCP tools
SSE + Streamable HTTP
Transports
4
Risk tiers
Tenant-aware
Scope
First RMM with MCP — an execution authority for external AI

Breeze is the first RMM to ship an MCP server. Point Claude Desktop, Claude Code, Cursor, Windsurf, or ChatGPT at your Breeze tenant and your AI assistant can query fleet state, triage alerts, deploy patches, and run scripts — every call routed through the same RBAC, risk tiers, and tenant isolation that govern your team.

What MCP Unlocks for MSPs

The Model Context Protocol is an open standard for connecting AI assistants to live systems. Without it, an AI can only talk about your fleet from training data. With Breeze’s MCP server, it can actually work the fleet — pulling device status, acknowledging alerts, kicking off patch jobs — through one governed interface that any compatible client can use.

For MSPs, that means your techs can triage from inside the tools they already live in, and AI workflows you build internally inherit the same controls as the Breeze UI.

One Connection, Your Whole Toolset

Breeze exposes 17 MCP tools covering device management, alert handling, patch deployment, script execution, reporting, documentation, and fleet intelligence. It’s the same toolset your built-in AI assistant uses — MCP is not a reduced sandbox.

Connecting takes one line in a modern MCP client:

claude mcp add breeze-rmm --transport sse \
  --url https://your-api/api/v1/mcp/sse \
  --header "X-API-Key: brz_..."

Both MCP transports are supported (SSE and Streamable HTTP), and modern clients like Claude.ai and ChatGPT can enroll over OAuth 2.1 instead of pasting an API key — so revoking an assistant’s access is one click, not a key rotation.

Same Governance as the Breeze UI

MCP is not a side channel. Every call passes through the platform’s full governance stack before anything touches a device.

  • Risk tiers classify each tool. Reads execute freely; low-risk writes are logged; high-risk actions like script runs and patch deploys require approval; the most dangerous operations are blocked entirely.
  • Scoped API keys decide which tiers an assistant can even attempt. A read-only key cannot escalate to script execution, regardless of which client is asking.
  • Tenant isolation is enforced on every call. A key issued for one customer cannot see or touch another.
  • Audit parity means an action taken from Claude Desktop logs identically to one taken from the Breeze UI — same tool name, parameters, identity, tenant, and outcome.

Production controls for restricting tool allowlists, requiring admin keys for execute tools, and tuning rate limits are all configurable per environment.

How Teams Use It

An on-call tech opens Claude Desktop, asks for critical alerts in the last hour, and acknowledges them without leaving the chat. A senior engineer in Cursor runs a fleet health check between commits. An internal AI workflow pulls an alert from Breeze, opens a PSA ticket through another MCP server, runs a remediation script back through Breeze, and updates the ticket — one conversation, full audit trail.

The pattern is the same in every case: the assistant gets the access your governance allows, and nothing more.

Deep dives: MCP Tools for IT Management walks through each tool with chaining patterns. How to Use Your RMM From Claude Desktop (or Cursor) is the setup guide.

Why It Matters

AI assistants are already in your team’s daily workflow. The question is whether they operate on stale context and blind API calls — or against live fleet data with the same guardrails you’ve already built. Breeze’s MCP server makes the second one the default.

Capabilities

MCP Protocol Support

SSE transport endpoint lets Claude Desktop, Claude Code, Cursor, Windsurf, and any MCP-compatible host connect to your Breeze instance.

17 Fleet Tools

Device management, alert handling, patch deployment, script execution, reporting, and documentation tools — the same catalog available to the native AI assistant.

Governance Continuity

Every MCP tool call passes through the 4-tier risk engine, RBAC, tenant isolation, and approval workflows before execution.

Scoped API Key Access

API keys are issued with ai:read, ai:write, or ai:execute scopes that control which risk tiers the connected client can reach.

Production Hardening

Tool allowlists, execute-admin requirements, and per-key rate limits lock down MCP access for production environments.

Execution and Denial Audit

Tool calls, denials, and throttle events through MCP are logged identically to native AI assistant actions with full parameter and outcome detail.

Deploy for Free Start Cloud Beta ← All Features

Ready to see MCP Server in action?

Book a 20-minute demo to see how MCP Server works in your environment, or compare plans and self-host today.

Book a Demo(opens in new tab) See Pricing Or self-host free →(opens in new tab)

Ready to try Breeze?

Self-host the open-source agent or join the managed cloud beta — no credit card required.

Start Cloud Beta Deploy for Free(opens in new tab)

Related features

All features →
First in RMM

AI Assistant

AI that can act safely across your fleet.

Only in Breeze

AI Risk Engine

Control what AI can do, when, and under whose approval.

AI Computer Control

AI actions with operational guardrails.

Agent Diagnostics

Debug the agent itself, not just the endpoint.

Coming from another RMM? See how Breeze compares on price, features, and openness.

Compare Breeze
Book a Demo(opens in new tab) See Pricing