block_high_risk_users
Block users identified as high risk to prevent unauthorized access and protect Microsoft 365 cloud services from security threats.
Instructions
Block users detected as high risk (MS.AAD.2.1v1)
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- cisa-m365/src/index.ts:430-454 (handler)The handler function that implements the core logic of the 'block_high_risk_users' tool by patching the identitySecurityDefaultsEnforcementPolicy to enable blocking of high-risk users.private async blockHighRiskUsers() { try { // Configure risk detection policy using Microsoft Graph API await this.graphClient .api('/policies/identitySecurityDefaultsEnforcementPolicy') .patch({ blockHighRiskUsers: true, riskLevelForBlocking: 'high', }); return { content: [ { type: 'text', text: 'High-risk users blocked successfully', }, ], }; } catch (error: unknown) { throw new McpError( ErrorCode.InternalError, `Failed to block high-risk users: ${error instanceof Error ? error.message : 'Unknown error'}` ); } }
- cisa-m365/src/index.ts:128-135 (registration)Registration of the 'block_high_risk_users' tool in the listTools handler, including name, description, and input schema (empty).{ name: 'block_high_risk_users', description: 'Block users detected as high risk (MS.AAD.2.1v1)', inputSchema: { type: 'object', properties: {}, }, },
- cisa-m365/src/index.ts:131-134 (schema)Input schema definition for the 'block_high_risk_users' tool (no parameters required).inputSchema: { type: 'object', properties: {}, },
- cisa-m365/src/index.ts:325-326 (handler)Dispatch case in the CallToolRequest handler that routes to the blockHighRiskUsers method.case 'block_high_risk_users': return await this.blockHighRiskUsers();