This server enables implementation and management of CISA BOD 25-01 security controls for Microsoft 365 environments through the following capabilities:
Identity & Access Management
Block legacy authentication (MS.AAD.1.1v1)
Block high-risk users and sign-ins (MS.AAD.2.1v1, MS.AAD.2.3v1)
Enforce phishing-resistant MFA for all users (MS.AAD.3.1v1) and alternative methods (MS.AAD.3.2v1)
Configure Microsoft Authenticator context (MS.AAD.3.3v1)
Enforce privileged MFA (MS.AAD.3.6v1)
Application Security
Restrict app registration and consent to admins (MS.AAD.5.1v1, MS.AAD.5.2v1)
Configure admin consent workflow (MS.AAD.5.3v1)
Block group owner consent (MS.AAD.5.4v1)
Password Policy
Disable password expiration (MS.AAD.6.1v1)
Role Management
Configure Global Admin assignments (MS.AAD.7.1v1)
Enforce granular roles (MS.AAD.7.2v1)
Enforce cloud-only accounts for privileged users (MS.AAD.7.3v1)
Enforce PAM system (MS.AAD.7.5v1)
Configure Global Admin approval (MS.AAD.7.6v1)
Configure role and admin alerts (MS.AAD.7.7v1, MS.AAD.7.8v1)
Monitoring & Compliance
Get current policy status of all CISA M365 security policies
Used for environment variable configuration to store tenant, client IDs, and secrets for authentication with Microsoft Graph API
Used for data flow diagrams to illustrate the architecture and component interactions of the MCP server
The runtime environment required to run the MCP server, with version 18.x or higher specifically listed as a prerequisite
Used for implementing the MCP server with type-safe argument validation and API interactions with Microsoft Graph
CISA M365 MCP Server
A Model Context Protocol (MCP) server implementing CISA Binding Operational Directive 25-01 security controls for Microsoft 365 (Azure AD/Entra ID).
Overview
This MCP server provides tools for configuring and managing Microsoft 365 security settings in accordance with BOD 25-01 requirements. It integrates with Microsoft Graph API to enforce security controls, monitor compliance, and provide detailed reporting.
Key Features
Legacy authentication controls
Risk-based access controls
Multi-factor authentication management
Application registration and consent controls
Password policy management
Privileged role management
Cloud-only account enforcement
PAM system integration
Comprehensive compliance reporting
Token-based authentication
Type-safe argument validation
Detailed error handling and logging
Security Controls
MS.AAD.1.1v1
Due Date: 06/20/2025
Block legacy authentication:
Disables legacy authentication protocols
Reduces attack surface
Improves security posture
Implementation details:
MS.AAD.2.1v1 & MS.AAD.2.3v1
Due Date: 06/20/2025
Block high-risk users and sign-ins:
Blocks users detected as high risk
Blocks sign-ins detected as high risk
Leverages Microsoft's threat intelligence
Implementation details:
MS.AAD.3.1v1, MS.AAD.3.2v1, MS.AAD.3.3v1
Due Date: 06/20/2025
MFA configuration:
Enforces phishing-resistant MFA
Configures alternative MFA methods
Shows login context in Microsoft Authenticator
Implementation details:
MS.AAD.5.1v1, MS.AAD.5.2v1, MS.AAD.5.3v1, MS.AAD.5.4v1
Due Date: 06/20/2025
Application controls:
Restricts app registration to admins
Restricts app consent to admins
Configures admin consent workflow
Blocks group owner consent
Implementation details:
MS.AAD.6.1v1
Due Date: 06/20/2025
Password policy:
Disables password expiration
Follows modern security best practices
Implementation details:
MS.AAD.7.1v1 through MS.AAD.7.8v1
Due Date: 06/20/2025
Privileged role management:
Limits Global Administrator count
Enforces granular roles
Requires cloud-only accounts
Enforces PAM system usage
Configures approval workflows
Sets up alerting
Implementation details:
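The Microsoft Graph request bodies behind several of the controls above, as an added example that is not the project's own code. The break-glass group ID is a placeholder for your emergency-access group; the property names, the exchangeActiveSync/other client app types, the built-in phishing-resistant authentication strength ID and the password validity sentinel are the documented Graph values.

```typescript
// Added example (not the project's code): Graph request bodies for MS.AAD.1.1v1,
// MS.AAD.2.1v1 / 2.3v1, MS.AAD.3.1v1 and MS.AAD.6.1v1. The group ID passed in is a
// constructed placeholder; everything else uses documented Graph property names.

type PolicyState = "enabled" | "disabled" | "enabledForReportingButNotEnforced";

// The subset of the Graph conditionalAccessPolicy resource needed here.
interface ConditionalAccessPolicy {
  displayName: string;
  state: PolicyState;
  conditions: {
    users: { includeUsers: string[]; excludeGroups: string[] };
    applications: { includeApplications: string[] };
    clientAppTypes?: string[];
    userRiskLevels?: string[];
    signInRiskLevels?: string[];
  };
  grantControls: {
    operator: "OR" | "AND";
    builtInControls?: string[];
    authenticationStrength?: { id: string };
  };
}

// Built-in authentication strength "Phishing-resistant MFA".
const PHISHING_RESISTANT_MFA_STRENGTH_ID = "00000000-0000-0000-0000-000000000004";

// Every tenant-wide policy excludes the emergency-access (break-glass) group so a
// misconfiguration cannot lock every administrator out.
function baseConditions(breakGlassGroupId: string) {
  return {
    users: { includeUsers: ["All"], excludeGroups: [breakGlassGroupId] },
    applications: { includeApplications: ["All"] },
  };
}

// MS.AAD.1.1v1: block legacy authentication (Exchange ActiveSync and the "other"
// clients that cannot perform modern authentication).
function blockLegacyAuthPolicy(breakGlassGroupId: string, state: PolicyState): ConditionalAccessPolicy {
  return {
    displayName: "MS.AAD.1.1v1 - Block legacy authentication",
    state,
    conditions: { ...baseConditions(breakGlassGroupId), clientAppTypes: ["exchangeActiveSync", "other"] },
    grantControls: { operator: "OR", builtInControls: ["block"] },
  };
}

// MS.AAD.2.1v1 (user risk) and MS.AAD.2.3v1 (sign-in risk): block at level "high".
function blockHighRiskPolicy(kind: "user" | "signIn", breakGlassGroupId: string, state: PolicyState): ConditionalAccessPolicy {
  const risk = kind === "user" ? { userRiskLevels: ["high"] } : { signInRiskLevels: ["high"] };
  return {
    displayName: `MS.AAD.2.${kind === "user" ? "1" : "3"}v1 - Block high-risk ${kind === "user" ? "users" : "sign-ins"}`,
    state,
    conditions: { ...baseConditions(breakGlassGroupId), ...risk },
    grantControls: { operator: "OR", builtInControls: ["block"] },
  };
}

// MS.AAD.3.1v1: require the built-in phishing-resistant MFA strength for all users.
function phishingResistantMfaPolicy(breakGlassGroupId: string, state: PolicyState): ConditionalAccessPolicy {
  return {
    displayName: "MS.AAD.3.1v1 - Require phishing-resistant MFA",
    state,
    conditions: baseConditions(breakGlassGroupId),
    grantControls: { operator: "OR", authenticationStrength: { id: PHISHING_RESISTANT_MFA_STRENGTH_ID } },
  };
}

// MS.AAD.6.1v1: body for PATCH /domains/{domainId}; this sentinel means "never expire".
function disablePasswordExpirationBody(): { passwordValidityPeriodInDays: number } {
  return { passwordValidityPeriodInDays: 2147483647 };
}

// Roll-out plan: create everything in report-only mode first, review the sign-in
// log results, then re-issue with state "enabled".
function rolloutPlan(breakGlassGroupId: string, state: PolicyState = "enabledForReportingButNotEnforced"): ConditionalAccessPolicy[] {
  return [
    blockLegacyAuthPolicy(breakGlassGroupId, state),
    blockHighRiskPolicy("user", breakGlassGroupId, state),
    blockHighRiskPolicy("signIn", breakGlassGroupId, state),
    phishingResistantMfaPolicy(breakGlassGroupId, state),
  ];
}
```

Each body is what a POST to /identity/conditionalAccess/policies (or a PATCH to /domains/{id} for the password setting) would carry. Creating the policies in report-only state first shows in the sign-in logs who would have been blocked before anything is enforced.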
Architecture
Components
Server Class
Handles MCP protocol implementation
Manages tool registration and execution
Implements error handling and logging
Authentication
Token-based authentication with Microsoft Graph API
Automatic token refresh
Secure credential management
Graph Client
Wrapper around Microsoft Graph API
Type-safe request/response handling
Retry logic and error handling
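How the Authentication and Graph Client components can fit together, as an added example rather than the project's code: a client-credentials token provider that refreshes ahead of expiry, and a request wrapper that retries on throttling and transient server errors while honouring Retry-After. The HttpCall, clock and sleep functions are injected assumptions so the logic runs offline; the token endpoint and the Graph v1.0 base URL are the documented ones.

```typescript
// Added example (not the project's code): token acquisition with refresh-before-
// expiry plus a Graph request wrapper with retry. HTTP, clock and sleep are injected.

interface HttpResponse { status: number; headers: Record<string, string>; body: unknown }  // header names lower-cased
interface HttpRequest { method: string; headers: Record<string, string>; body?: string }
type HttpCall = (url: string, init: HttpRequest) => Promise<HttpResponse>;

interface ClientCredentials { tenantId: string; clientId: string; clientSecret: string }

// Refresh this long before the token expires so no request goes out with a token
// that dies mid-flight.
const REFRESH_SKEW_MS = 5 * 60 * 1000;

function tokenNeedsRefresh(expiresAtMs: number | undefined, nowMs: number): boolean {
  return expiresAtMs === undefined || nowMs + REFRESH_SKEW_MS >= expiresAtMs;
}

function formEncode(fields: Record<string, string>): string {
  return Object.keys(fields)
    .map(k => `${encodeURIComponent(k)}=${encodeURIComponent(fields[k] ?? "")}`)
    .join("&");
}

class TokenProvider {
  private token?: string;
  private expiresAtMs?: number;

  constructor(private creds: ClientCredentials, private http: HttpCall, private now: () => number) {}

  async getToken(): Promise<string> {
    if (this.token !== undefined && !tokenNeedsRefresh(this.expiresAtMs, this.now())) return this.token;
    const url = `https://login.microsoftonline.com/${this.creds.tenantId}/oauth2/v2.0/token`;
    const res = await this.http(url, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: formEncode({
        client_id: this.creds.clientId,
        client_secret: this.creds.clientSecret,
        scope: "https://graph.microsoft.com/.default",
        grant_type: "client_credentials",
      }),
    });
    // Surface only the status: the response body may echo request details.
    if (res.status !== 200) throw new Error(`token request failed with HTTP ${res.status}`);
    const issued = res.body as { access_token: string; expires_in: number };
    this.token = issued.access_token;
    this.expiresAtMs = this.now() + issued.expires_in * 1000;
    return this.token;
  }

  // Drop the cached token, e.g. after Graph answers 401.
  invalidate(): void { this.token = undefined; this.expiresAtMs = undefined; }
}

// How long to wait before retrying a failed call; null means do not retry.
function retryDelayMs(status: number, retryAfter: string | undefined, attempt: number): number | null {
  if (status !== 429 && status < 500) return null;               // client errors are not transient
  const seconds = retryAfter === undefined ? NaN : Number(retryAfter);
  if (isFinite(seconds) && seconds >= 0) return seconds * 1000;  // the service said when to come back
  return Math.min(500 * Math.pow(2, attempt), 30000);            // otherwise capped exponential backoff
}

class GraphClient {
  constructor(
    private auth: TokenProvider,
    private http: HttpCall,
    private sleep: (ms: number) => Promise<void>,
    private maxAttempts = 4,
  ) {}

  async request(method: string, path: string, payload?: unknown): Promise<unknown> {
    let refreshedAfter401 = false;
    for (let attempt = 0; ; attempt++) {
      const token = await this.auth.getToken();
      const res = await this.http(`https://graph.microsoft.com/v1.0${path}`, {
        method,
        headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
        body: payload === undefined ? undefined : JSON.stringify(payload),
      });
      if (res.status >= 200 && res.status < 300) return res.body;
      if (res.status === 401 && !refreshedAfter401) {  // stale token: refresh once, then retry
        this.auth.invalidate();
        refreshedAfter401 = true;
        continue;
      }
      const delay = retryDelayMs(res.status, res.headers["retry-after"], attempt);
      if (delay === null || attempt + 1 >= this.maxAttempts) {
        throw new Error(`Graph ${method} ${path} failed with HTTP ${res.status}`);
      }
      await this.sleep(delay);
    }
  }
}
```

The wrapper treats 401 differently from 429/5xx: a 401 gets exactly one token refresh, while throttling waits for the Retry-After the service asks for, so a burst of policy updates does not turn into a retry storm against Graph.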
Tools
Legacy authentication control
Risk-based access management
MFA configuration
Application control
Password policy management
Role management
Alert configuration
Policy status reporting
Data Flow
Prerequisites
Node.js 18.x or higher
Microsoft 365 tenant with admin access
Azure AD application with required permissions:
Policy.ReadWrite.All
RoleManagement.ReadWrite.All
User.Read.All
Application.ReadWrite.All
Installation
Installing via Smithery
To install the CISA M365 MCP Server automatically via Smithery:
You can also copy the MCP settings and definitions directly from the Smithery Protocol Directory and add the server to Claude or any other LLM setup that supports the MCP protocol.
Clone the repository:
Install dependencies:
Build the server:
Configuration
Create Azure AD application:
Navigate to Azure Portal > Azure Active Directory
Register a new application
Add required API permissions
Create a client secret
Configure environment variables:
Edit the .env file:
Configure MCP settings:
Usage
Available Tools
block_legacy_auth
Block legacy authentication methods.
block_high_risk_users
Block users detected as high risk.
enforce_phishing_resistant_mfa
Enforce phishing-resistant MFA for all users.
configure_global_admins
Configure Global Administrator role assignments.
get_policy_status
Get current status of all security policies.
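What a get_policy_status style evaluation can look like, as an added example that is not the project's code. It checks a constructed tenant snapshot against four of the controls and deliberately treats report-only Conditional Access policies, and policies that exclude anything beyond the break-glass group, as non-compliant. The snapshot shape, the sample data and the break-glass handling are assumptions; the two-to-eight Global Administrator range is the CISA SCuBA baseline for MS.AAD.7.1v1.

```typescript
// Added example (not the project's code): evaluate a snapshot of tenant settings
// against four BOD 25-01 controls. The snapshot shape and the sample data are
// constructed for this example.

interface CaPolicy {
  displayName: string;
  state: string;   // "enabled", "disabled" or "enabledForReportingButNotEnforced"
  conditions: {
    users: { includeUsers: string[]; excludeGroups: string[] };
    applications: { includeApplications: string[] };
    clientAppTypes?: string[];
  };
  grantControls: { builtInControls?: string[]; authenticationStrength?: { id: string } };
}

interface TenantSnapshot {
  policies: CaPolicy[];
  domains: { id: string; passwordValidityPeriodInDays?: number }[];
  globalAdminCount: number;
  breakGlassGroupId: string;   // the only exclusion tolerated on tenant-wide policies
}

interface ControlStatus { controlId: string; compliant: boolean; detail: string }

const PHISHING_RESISTANT_MFA_STRENGTH_ID = "00000000-0000-0000-0000-000000000004";
const NEVER_EXPIRE_DAYS = 2147483647;   // Graph sentinel for "passwords never expire"

// A policy only counts when it is enforcing (report-only enforces nothing), covers
// all users and all applications, and excludes nothing but the break-glass group.
function enforcesTenantWide(p: CaPolicy, breakGlassGroupId: string): boolean {
  return p.state === "enabled"
    && p.conditions.users.includeUsers.indexOf("All") !== -1
    && p.conditions.applications.includeApplications.indexOf("All") !== -1
    && p.conditions.users.excludeGroups.every(g => g === breakGlassGroupId);
}

function enforcingPolicies(snap: TenantSnapshot, match: (p: CaPolicy) => boolean): string[] {
  return snap.policies
    .filter(p => enforcesTenantWide(p, snap.breakGlassGroupId) && match(p))
    .map(p => p.displayName);
}

function evaluateControls(snap: TenantSnapshot): ControlStatus[] {
  const legacy = enforcingPolicies(snap, p =>
    ["exchangeActiveSync", "other"].every(t => (p.conditions.clientAppTypes ?? []).indexOf(t) !== -1)
    && (p.grantControls.builtInControls ?? []).indexOf("block") !== -1);
  const mfa = enforcingPolicies(snap, p =>
    p.grantControls.authenticationStrength?.id === PHISHING_RESISTANT_MFA_STRENGTH_ID);
  const expiring = snap.domains
    .filter(d => d.passwordValidityPeriodInDays !== NEVER_EXPIRE_DAYS)
    .map(d => d.id);
  const admins = snap.globalAdminCount;
  return [
    { controlId: "MS.AAD.1.1v1", compliant: legacy.length > 0,
      detail: legacy.length > 0 ? `enforced by: ${legacy.join(", ")}` : "no enforcing policy blocks legacy authentication" },
    { controlId: "MS.AAD.3.1v1", compliant: mfa.length > 0,
      detail: mfa.length > 0 ? `enforced by: ${mfa.join(", ")}` : "no enforcing policy requires phishing-resistant MFA" },
    { controlId: "MS.AAD.6.1v1", compliant: expiring.length === 0,
      detail: expiring.length === 0 ? "password expiration disabled on every domain" : `password expiration still enabled on: ${expiring.join(", ")}` },
    { controlId: "MS.AAD.7.1v1", compliant: admins >= 2 && admins <= 8,
      detail: `${admins} Global Administrator(s); the baseline expects between 2 and 8` },
  ];
}

// Constructed sample: the legacy-auth block is still report-only, one domain still
// expires passwords, and there is a single Global Administrator.
const SAMPLE_SNAPSHOT: TenantSnapshot = {
  breakGlassGroupId: "break-glass-group-id",
  policies: [
    {
      displayName: "Block legacy authentication (report-only)",
      state: "enabledForReportingButNotEnforced",
      conditions: {
        users: { includeUsers: ["All"], excludeGroups: ["break-glass-group-id"] },
        applications: { includeApplications: ["All"] },
        clientAppTypes: ["exchangeActiveSync", "other"],
      },
      grantControls: { builtInControls: ["block"] },
    },
    {
      displayName: "Require phishing-resistant MFA",
      state: "enabled",
      conditions: {
        users: { includeUsers: ["All"], excludeGroups: ["break-glass-group-id"] },
        applications: { includeApplications: ["All"] },
      },
      grantControls: { authenticationStrength: { id: PHISHING_RESISTANT_MFA_STRENGTH_ID } },
    },
  ],
  domains: [
    { id: "contoso.example", passwordValidityPeriodInDays: NEVER_EXPIRE_DAYS },
    { id: "legacy.example", passwordValidityPeriodInDays: 90 },
  ],
  globalAdminCount: 1,
};
```

Running evaluateControls(SAMPLE_SNAPSHOT) reports only MS.AAD.3.1v1 as compliant: the report-only legacy-auth policy does not count, legacy.example still expires passwords, and a single Global Administrator is below the baseline minimum.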
Example Usage
API Reference
Policy Settings API
Error Handling
The server implements comprehensive error handling:
Authentication Errors
Token acquisition failures
Permission issues
Tenant configuration problems
API Errors
Graph API request failures
Rate limiting
Service unavailability
Validation Errors
Invalid arguments
Missing required parameters
Type mismatches
Runtime Errors
Network issues
Timeout problems
Resource constraints
Example error response:
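An added example, not the project's code, of how the four error categories above can be mapped to a structured response; the error classes, the codes and the redaction helper are assumptions. The redaction step keeps bearer tokens and the configured client secret out of anything that is logged or returned to the client.

```typescript
// Added example (not the project's code): classify failures into the four
// categories the README lists and build the structured response a tool returns.
// Error classes, codes and redaction rules are constructed for this example.

type ErrorCategory = "authentication" | "api" | "validation" | "runtime";

interface ErrorResponse {
  error: { category: ErrorCategory; code: string; message: string; retryable: boolean };
}

// Errors are told apart by name rather than instanceof so the classification also
// survives TypeScript's ES5 down-levelling of Error subclasses.
class AuthenticationError extends Error {
  constructor(message: string) { super(message); this.name = "AuthenticationError"; }
}
class GraphApiError extends Error {
  constructor(message: string, public status: number) { super(message); this.name = "GraphApiError"; }
}
class ValidationError extends Error {
  constructor(message: string, public field: string) { super(message); this.name = "ValidationError"; }
}

// Never let a bearer token or a configured secret reach a log line or a client.
function redact(message: string, secrets: string[]): string {
  let out = message.replace(/Bearer\s+[A-Za-z0-9\-._~+\/]+=*/g, "Bearer [redacted]");
  for (const secret of secrets) {
    if (secret.length > 0) out = out.split(secret).join("[redacted]");
  }
  return out;
}

function classify(err: unknown): { category: ErrorCategory; code: string; retryable: boolean } {
  const e = (typeof err === "object" && err !== null ? err : {}) as { name?: string; status?: number };
  switch (e.name) {
    case "AuthenticationError":
      return { category: "authentication", code: "TOKEN_ACQUISITION_FAILED", retryable: false };
    case "ValidationError":
      return { category: "validation", code: "INVALID_ARGUMENT", retryable: false };
    case "GraphApiError": {
      const status = e.status ?? 0;
      if (status === 401 || status === 403) {   // rejected credentials or a missing permission
        return { category: "authentication", code: `GRAPH_${status}`, retryable: false };
      }
      // Throttling and server-side failures are worth retrying; other 4xx are not.
      return { category: "api", code: `GRAPH_${status}`, retryable: status === 429 || status >= 500 };
    }
    default:
      return { category: "runtime", code: "UNEXPECTED", retryable: false };
  }
}

function toErrorResponse(err: unknown, secrets: string[] = []): ErrorResponse {
  const verdict = classify(err);
  const raw = err instanceof Error ? err.message : String(err);
  return {
    error: { category: verdict.category, code: verdict.code, message: redact(raw, secrets), retryable: verdict.retryable },
  };
}
```

A 403 from Graph is reported as an authentication problem rather than an API one because, for this server, it almost always means one of the application permissions listed under Prerequisites has not been granted.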
Testing
Run unit tests:
Run integration tests:
Run compliance tests:
Security Considerations
Authentication
Use secure token storage
Implement token rotation
Monitor for suspicious activity
API Access
Follow least privilege principle
Regular permission audits
Monitor API usage
Data Protection
No sensitive data logging
Secure configuration storage
Regular security scans
Compliance
Regular compliance checks
Automated policy verification
Audit logging
Contributing
Fork the repository
Create a feature branch
Make your changes
Run tests
Submit a pull request
Guidelines:
Follow existing code style
Add tests for new features
Update documentation
Keep commits atomic
License
MIT
This MCP server implements various policies according to CISA BOD 25-01 requirements for Microsoft 365 cloud services.