CISA M365 MCP Server

smithery badge A Model Context Protocol (MCP) server implementing CISA Binding Operational Directive 25-01 security controls for Microsoft 365 (Azure AD/Entra ID).

Overview

This MCP server provides tools for configuring and managing Microsoft 365 security settings in accordance with BOD 25-01 requirements. It integrates with Microsoft Graph API to enforce security controls, monitor compliance, and provide detailed reporting.

Key Features

Legacy authentication controls
Risk-based access controls
Multi-factor authentication management
Application registration and consent controls
Password policy management
Privileged role management
Cloud-only account enforcement
PAM system integration
Comprehensive compliance reporting
Token-based authentication
Type-safe argument validation
Detailed error handling and logging

Security Controls

MS.AAD.1.1v1

Due Date: 06/20/2025

Block legacy authentication:

Disables legacy authentication protocols
Reduces attack surface
Improves security posture

Implementation details:

await graphClient .api('/policies/authenticationMethodsPolicy') .patch({ allowLegacyAuthentication: false, blockLegacyAuthenticationMethods: true, });

MS.AAD.2.1v1 & MS.AAD.2.3v1

Due Date: 06/20/2025

Block high-risk users and sign-ins:

Blocks users detected as high risk
Blocks sign-ins detected as high risk
Leverages Microsoft's threat intelligence

Implementation details:

await graphClient .api('/policies/identitySecurityDefaultsEnforcementPolicy') .patch({ blockHighRiskUsers: true, riskLevelForBlocking: 'high', });

MS.AAD.3.1v1, MS.AAD.3.2v1, MS.AAD.3.3v1

Due Date: 06/20/2025

MFA configuration:

Enforces phishing-resistant MFA
Configures alternative MFA methods
Shows login context in Microsoft Authenticator

Implementation details:

await graphClient .api('/policies/authenticationMethodsPolicy') .patch({ policies: { fido2: { isEnabled: true, isSelfServiceRegistrationAllowed: true, }, windowsHelloForBusiness: { isEnabled: true, isSelfServiceRegistrationAllowed: true, }, }, });

MS.AAD.5.1v1, MS.AAD.5.2v1, MS.AAD.5.3v1, MS.AAD.5.4v1

Due Date: 06/20/2025

Application controls:

Restricts app registration to admins
Restricts app consent to admins
Configures admin consent workflow
Blocks group owner consent

Implementation details:

await graphClient .api('/policies/applicationRegistrationManagement') .patch({ restrictAppRegistration: true, restrictNonAdminUsers: true, });

MS.AAD.6.1v1

Due Date: 06/20/2025

Password policy:

Disables password expiration
Follows modern security best practices

Implementation details:

await graphClient .api('/policies/passwordPolicy') .patch({ passwordExpirationPolicy: { passwordExpirationDays: 0, neverExpire: true, }, });

MS.AAD.7.1v1 through MS.AAD.7.8v1

Due Date: 06/20/2025

Privileged role management:

Limits Global Administrator count
Enforces granular roles
Requires cloud-only accounts
Enforces PAM system usage
Configures approval workflows
Sets up alerting

Implementation details:

await graphClient .api('/policies/roleManagementPolicies') .patch({ enforceGranularRoles: true, blockGlobalAdminForGeneralUse: true, requireApprovalForGlobalAdmin: true, });

Architecture

Components

Server Class
- Handles MCP protocol implementation
- Manages tool registration and execution
- Implements error handling and logging
Authentication
- Token-based authentication with Microsoft Graph API
- Automatic token refresh
- Secure credential management
Graph Client
- Wrapper around Microsoft Graph API
- Type-safe request/response handling
- Retry logic and error handling
Tools
- Legacy authentication control
- Risk-based access management
- MFA configuration
- Application control
- Password policy management
- Role management
- Alert configuration
- Policy status reporting

Data Flow

Prerequisites

Node.js 18.x or higher
Microsoft 365 tenant with admin access
Azure AD application with required permissions:
- Policy.ReadWrite.All
- RoleManagement.ReadWrite.All
- User.Read.All
- Application.ReadWrite.All

Installation

Installing via Smithery

To install CISA M365 MCP Server automatically via Smithery:

npx -y @smithery/cli install cisa-m365

You can also directly copy the MCP settings and definitions from Smithery Protocol Directory and add the MCP server to your Claude or LLM setup that supports MCP protocol.

Clone the repository:

git clone https://github.com/DynamicEndpoints/BOD-25-01-CSA-MCP.git cd cisa-m365

Install dependencies:

npm install

Build the server:

npm run build

Configuration

Create Azure AD application:
- Navigate to Azure Portal > Azure Active Directory
- Register a new application
- Add required API permissions
- Create a client secret
Configure environment variables:

cp .env.example .env

Edit .env file:

TENANT_ID=your-tenant-id CLIENT_ID=your-client-id CLIENT_SECRET=your-client-secret

Configure MCP settings:

{ "mcpServers": { "cisa-m365": { "command": "node", "args": ["path/to/cisa-m365/build/index.js"], "env": { "TENANT_ID": "your-tenant-id", "CLIENT_ID": "your-client-id", "CLIENT_SECRET": "your-client-secret" } } } }

Usage

Available Tools

block_legacy_auth

Block legacy authentication methods.

{}

block_high_risk_users

Block users detected as high risk.

{}

enforce_phishing_resistant_mfa

Enforce phishing-resistant MFA for all users.

{}

configure_global_admins

Configure Global Administrator role assignments.

{ "userIds": ["user1-id", "user2-id"] }

get_policy_status

Get current status of all security policies.

{}

Example Usage

// Block legacy authentication const result = await client.callTool('block_legacy_auth', {}); // Get policy status const status = await client.callTool('get_policy_status', {});

API Reference

Policy Settings API

interface PolicySettings { legacyAuthentication: { blocked: boolean; compliant: boolean; }; highRiskUsers: { blocked: boolean; compliant: boolean; }; mfa: { phishingResistant: boolean; alternativeEnabled: boolean; compliant: boolean; }; applications: { registrationRestricted: boolean; consentRestricted: boolean; compliant: boolean; }; passwords: { expirationDisabled: boolean; compliant: boolean; }; roles: { globalAdminCount: number; granularRolesEnforced: boolean; pamEnforced: boolean; compliant: boolean; }; }

Error Handling

The server implements comprehensive error handling:

Authentication Errors
- Token acquisition failures
- Permission issues
- Tenant configuration problems
API Errors
- Graph API request failures
- Rate limiting
- Service unavailability
Validation Errors
- Invalid arguments
- Missing required parameters
- Type mismatches
Runtime Errors
- Network issues
- Timeout problems
- Resource constraints

Example error response:

{ "error": { "code": "InvalidParams", "message": "Invalid role assignment arguments", "details": { "parameter": "userIds", "constraint": "Must have between 2 and 8 users", "received": "1 user" } } }

Testing

Run unit tests:

npm test

Run integration tests:

npm run test:integration

Run compliance tests:

npm run test:compliance

Security Considerations

Authentication
- Use secure token storage
- Implement token rotation
- Monitor for suspicious activity
API Access
- Follow least privilege principle
- Regular permission audits
- Monitor API usage
Data Protection
- No sensitive data logging
- Secure configuration storage
- Regular security scans
Compliance
- Regular compliance checks
- Automated policy verification
- Audit logging

Contributing

Fork the repository
Create a feature branch
Make your changes
Run tests
Submit a pull request

Guidelines:

Follow existing code style
Add tests for new features
Update documentation
Keep commits atomic

License

MIT

This server cannot be installed

security - not tested

license - not found

quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

This MCP server implements VariousPolicies according to CSA BOD 25-01 requirements for Microsoft 365 cloud services

Related MCP Servers

Dynamics 365 MCP Server
srikanth-paladugula
A
security
A
license
A
quality
A Model Context Protocol server that enables interaction with Microsoft Dynamics 365 CRM from Claude Desktop, allowing users to retrieve, create, and update CRM data through natural language.
Last updated -
5
14
MIT License
SharePoint MCP Server
Sofias-ai
A
security
A
license
A
quality
A lightweight MCP server that enables integration with Microsoft SharePoint, allowing clients to interact with documents and folders through the Model Context Protocol.
Last updated -
9
21
MIT License
Policy Analyzer API MCP Server
ag2-mcp-servers
-
security
F
license
-
quality
This MCP Server provides a natural language interface to interact with Google's Policy Analyzer API, allowing users to analyze policies and evaluate compliance through conversations.
Last updated -
Organization Policy API Server
ag2-mcp-servers
-
security
F
license
-
quality
An MCP Server that enables interaction with Google's Organization Policy API, allowing users to manage organization policies that control resource behavior within Google Cloud environments.
Last updated -

View all related MCP servers

CISA M365 MCP Server

Table of Contents

Overview

Key Features

Security Controls

MS.AAD.1.1v1

MS.AAD.2.1v1 & MS.AAD.2.3v1

MS.AAD.3.1v1, MS.AAD.3.2v1, MS.AAD.3.3v1

MS.AAD.5.1v1, MS.AAD.5.2v1, MS.AAD.5.3v1, MS.AAD.5.4v1

MS.AAD.6.1v1

MS.AAD.7.1v1 through MS.AAD.7.8v1

Architecture

Components

Data Flow

Prerequisites

Installation

Installing via Smithery

Configuration

Usage

Available Tools

block_legacy_auth

block_high_risk_users

enforce_phishing_resistant_mfa

configure_global_admins

get_policy_status

Example Usage

API Reference

Policy Settings API

Error Handling

Testing

Security Considerations

Contributing

License

Related MCP Servers

Dynamics 365 MCP Server

SharePoint MCP Server

Policy Analyzer API MCP Server

Organization Policy API Server

Appeared in Searches

New MCP Servers

MCP directory API