block_high_risk_users
Automatically block users identified as high-risk to prevent unauthorized access and protect Microsoft 365 cloud services according to CISA BOD 25-01 security requirements.
Instructions
Block users detected as high risk (MS.AAD.2.1v1)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Implementation Reference
- cisa-m365/src/index.ts:430-454 (handler) The handler function that executes the tool logic by updating the identitySecurityDefaultsEnforcementPolicy to block high-risk users via Microsoft Graph API.

  ```typescript
  private async blockHighRiskUsers() {
    try {
      // Configure risk detection policy using Microsoft Graph API
      await this.graphClient
        .api('/policies/identitySecurityDefaultsEnforcementPolicy')
        .patch({
          blockHighRiskUsers: true,
          riskLevelForBlocking: 'high',
        });

      return {
        content: [
          {
            type: 'text',
            text: 'High-risk users blocked successfully',
          },
        ],
      };
    } catch (error: unknown) {
      throw new McpError(
        ErrorCode.InternalError,
        `Failed to block high-risk users: ${error instanceof Error ? error.message : 'Unknown error'}`
      );
    }
  }
  ```

- cisa-m365/src/index.ts:129-135 (registration) Registers the tool in the ListTools response, including name, description, and input schema (empty object).

  ```typescript
  name: 'block_high_risk_users',
  description: 'Block users detected as high risk (MS.AAD.2.1v1)',
  inputSchema: {
    type: 'object',
    properties: {},
  },
  },
  ```

- cisa-m365/src/index.ts:325-326 (registration) The switch case in CallToolRequest handler that routes the tool call to the blockHighRiskUsers method.

  ```typescript
  case 'block_high_risk_users':
    return await this.blockHighRiskUsers();
  ```

- cisa-m365/src/index.ts:132-134 (schema) The input schema for the tool, which is an empty object indicating no parameters are required.

  ```typescript
  type: 'object',
  properties: {},
  },
  ```

- cisa-m365/src/index.ts:1032-1035 (helper) Helper check in get_policy_status tool to report the status of high-risk user blocking.

  ```typescript
  highRiskUsers: {
    blocked: securityDefaults.blockHighRiskUsers,
    compliant: securityDefaults.blockHighRiskUsers,
  },
  ```
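
An added example, not code from the cisa-m365 project: an independent check for MS.AAD.2.1v1 that inspects Conditional Access policies instead of relying on the handler's success message or the flag the status helper reads back. It assumes the control is enforced through a Conditional Access policy and that the policy objects were fetched from Microsoft Graph's `/identity/conditionalAccess/policies`; the names `findHighRiskBlockPolicies` and `isCompliant` and the sample policies are constructed for illustration.

```typescript
// Subset of the Microsoft Graph conditionalAccessPolicy resource used by this check.
interface CaPolicy {
  displayName: string;
  state: 'enabled' | 'disabled' | 'enabledForReportingButNotEnforced';
  conditions: {
    userRiskLevels?: string[];
    users?: { includeUsers?: string[]; excludeUsers?: string[]; excludeGroups?: string[] };
    applications?: { includeApplications?: string[] };
  };
  grantControls?: { builtInControls?: string[] } | null;
}
interface Finding { policy: string; enforcing: boolean; gaps: string[]; exclusions: number }

// Hypothetical helper: report every policy that pairs high user risk with a block
// control, and list the reasons it may still fail to block all high-risk users.
function findHighRiskBlockPolicies(policies: CaPolicy[]): Finding[] {
  return policies
    .filter(p => (p.conditions.userRiskLevels ?? []).includes('high')
      && (p.grantControls?.builtInControls ?? []).includes('block'))
    .map(p => {
      const gaps: string[] = [];
      if (p.state !== 'enabled') gaps.push(`state is ${p.state}`);
      if (!(p.conditions.users?.includeUsers ?? []).includes('All')) gaps.push('not scoped to all users');
      if (!(p.conditions.applications?.includeApplications ?? []).includes('All')) gaps.push('not scoped to all apps');
      // Exclusions (for example emergency access accounts) are counted for review only.
      const exclusions = (p.conditions.users?.excludeUsers ?? []).length
        + (p.conditions.users?.excludeGroups ?? []).length;
      return { policy: p.displayName, enforcing: gaps.length === 0, gaps, exclusions };
    });
}

// True only when at least one policy blocks high-risk users with no gaps.
function isCompliant(policies: CaPolicy[]): boolean {
  return findHighRiskBlockPolicies(policies).some(f => f.enforcing);
}

// Constructed sample data, shaped like GET /identity/conditionalAccess/policies output.
const samplePolicies: CaPolicy[] = [
  { displayName: 'Block high user risk (pilot)', state: 'enabledForReportingButNotEnforced',
    conditions: { userRiskLevels: ['high'], users: { includeUsers: ['All'] },
      applications: { includeApplications: ['All'] } },
    grantControls: { builtInControls: ['block'] } },
  { displayName: 'Require MFA', state: 'enabled',
    conditions: { users: { includeUsers: ['All'] }, applications: { includeApplications: ['All'] } },
    grantControls: { builtInControls: ['mfa'] } },
];

console.log(JSON.stringify(findHighRiskBlockPolicies(samplePolicies)), isCompliant(samplePolicies));
```

A report-only policy is listed with its gap and does not count as compliant, which is the case a plain boolean flag cannot distinguish.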