block_high_risk_signins
Automatically blocks user sign-ins identified as high-risk to prevent unauthorized access and protect Microsoft 365 cloud services.
Instructions
Block sign-ins detected as high risk (MS.AAD.2.3v1)
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- cisa-m365/src/index.ts:456-493 (handler)The handler function that executes the tool by creating a Conditional Access Policy to block high-risk sign-ins via the Microsoft Graph API.private async blockHighRiskSignins() { try { // Configure sign-in risk policy using Microsoft Graph API await this.graphClient .api('/policies/conditionalAccessPolicies') .post({ displayName: 'Block High Risk Sign-ins', state: 'enabled', conditions: { signInRiskLevels: ['high'], applications: { includeApplications: ['all'], }, users: { includeUsers: ['all'], }, }, grantControls: { operator: 'OR', builtInControls: ['block'], }, }); return { content: [ { type: 'text', text: 'High-risk sign-ins blocked successfully', }, ], }; } catch (error: unknown) { throw new McpError( ErrorCode.InternalError, `Failed to block high-risk sign-ins: ${error instanceof Error ? error.message : 'Unknown error'}` ); } }
- cisa-m365/src/index.ts:136-143 (registration)Registers the 'block_high_risk_signins' tool in the MCP tools list, including its description and input schema (empty object).{ name: 'block_high_risk_signins', description: 'Block sign-ins detected as high risk (MS.AAD.2.3v1)', inputSchema: { type: 'object', properties: {}, }, },
- cisa-m365/src/index.ts:327-328 (registration)Dispatches tool calls named 'block_high_risk_signins' to the corresponding handler method in the CallToolRequestSchema handler.case 'block_high_risk_signins': return await this.blockHighRiskSignins();
- cisa-m365/src/index.ts:139-143 (schema)Defines the input schema for the tool as an empty object (no parameters required).inputSchema: { type: 'object', properties: {}, }, },