block_legacy_auth
Enforce modern authentication protocols by disabling legacy authentication methods to enhance security posture in Microsoft 365 environments.
Instructions
Block legacy authentication (MS.AAD.1.1v1)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Implementation Reference
- cisa-m365/src/index.ts:404-428 (handler): The main handler function for the 'block_legacy_auth' tool. It uses the Microsoft Graph client to patch the authentication methods policy, disabling legacy authentication.

  ```typescript
  private async blockLegacyAuth() {
    try {
      // Configure authentication policy using Microsoft Graph API
      await this.graphClient
        .api('/policies/authenticationMethodsPolicy')
        .patch({
          allowLegacyAuthentication: false,
          blockLegacyAuthenticationMethods: true,
        });

      return {
        content: [
          {
            type: 'text',
            text: 'Legacy authentication blocked successfully',
          },
        ],
      };
    } catch (error: unknown) {
      throw new McpError(
        ErrorCode.InternalError,
        `Failed to block legacy authentication: ${error instanceof Error ? error.message : 'Unknown error'}`
      );
    }
  }
  ```
- cisa-m365/src/index.ts:121-127 (registration): Registers the 'block_legacy_auth' tool in the MCP server's tool list, including its name, description, and input schema.

  ```typescript
    name: 'block_legacy_auth',
    description: 'Block legacy authentication (MS.AAD.1.1v1)',
    inputSchema: {
      type: 'object',
      properties: {},
    },
  },
  ```
- cisa-m365/src/index.ts:123-126 (schema): Defines the input schema for the 'block_legacy_auth' tool, which takes no parameters (empty object).

  ```typescript
  inputSchema: {
    type: 'object',
    properties: {},
  },
  ```
- cisa-m365/src/index.ts:323-324 (registration): Dispatches calls to the 'block_legacy_auth' handler in the CallToolRequest handler switch statement.

  ```typescript
  case 'block_legacy_auth':
    return await this.blockLegacyAuth();
  ```
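
The handler returns its success text as soon as the PATCH call resolves, which does not by itself show that legacy clients are denied at sign-in. The following is an added example, not code from the cisa-m365 project: an offline check that takes Conditional Access policy objects (field names as in the Microsoft Graph conditionalAccessPolicy resource) and reports whether any enforced policy blocks the legacy client app types for all users and all applications. The function names, the sample policies, and the choice to treat any user or group exclusion as a gap are assumptions of this example.

```typescript
// Added example. Field names follow the Graph conditionalAccessPolicy resource;
// function names and sample policies are constructed for illustration.
type CaPolicy = {
  displayName: string;
  state: 'enabled' | 'disabled' | 'enabledForReportingButNotEnforced';
  conditions: {
    clientAppTypes: string[];
    users: { includeUsers: string[]; excludeUsers?: string[]; excludeGroups?: string[] };
    applications: { includeApplications: string[] };
  };
  grantControls: { builtInControls: string[] } | null;
};

const LEGACY_TYPES = ['exchangeActiveSync', 'other'];
const has = (xs: string[], x: string): boolean => xs.indexOf(x) !== -1;
const covers = (p: CaPolicy, t: string): boolean =>
  has(p.conditions.clientAppTypes, t) || has(p.conditions.clientAppTypes, 'all');

// Reasons a policy fails to block legacy auth tenant-wide; an empty list means it does.
function gaps(p: CaPolicy): string[] {
  const r: string[] = [];
  if (p.state !== 'enabled') r.push(`state is ${p.state}`);
  if (!p.grantControls || !has(p.grantControls.builtInControls, 'block')) r.push('grant control is not block');
  for (const t of LEGACY_TYPES) if (!covers(p, t)) r.push(`client app type ${t} not covered`);
  if (!has(p.conditions.users.includeUsers, 'All')) r.push('not scoped to all users');
  if (!has(p.conditions.applications.includeApplications, 'All')) r.push('not scoped to all apps');
  const u = p.conditions.users;
  const excluded = (u.excludeUsers ?? []).length + (u.excludeGroups ?? []).length;
  if (excluded > 0) r.push(`${excluded} user/group exclusion(s)`); // assumption: any exclusion is a gap
  return r;
}

function checkLegacyAuthBlocked(policies: CaPolicy[]): { compliant: boolean; reasons: string[] } {
  const candidates = policies.filter(p => LEGACY_TYPES.some(t => covers(p, t)));
  if (candidates.length === 0) return { compliant: false, reasons: ['no policy targets legacy clients'] };
  if (candidates.some(p => gaps(p).length === 0)) return { compliant: true, reasons: [] };
  const reasons: string[] = [];
  for (const p of candidates) for (const g of gaps(p)) reasons.push(`${p.displayName}: ${g}`);
  return { compliant: false, reasons };
}

// Constructed sample, shaped like the `value` array of GET /identity/conditionalAccess/policies.
const SAMPLE: CaPolicy[] = [
  { displayName: 'Block legacy (report-only)', state: 'enabledForReportingButNotEnforced',
    conditions: { clientAppTypes: ['exchangeActiveSync', 'other'], users: { includeUsers: ['All'] },
      applications: { includeApplications: ['All'] } }, grantControls: { builtInControls: ['block'] } },
  { displayName: 'Block EAS only', state: 'enabled',
    conditions: { clientAppTypes: ['exchangeActiveSync'], users: { includeUsers: ['All'], excludeGroups: ['<group-id>'] },
      applications: { includeApplications: ['All'] } }, grantControls: { builtInControls: ['block'] } },
];
```

Both sample policies fail the check: the first is report-only, and the second misses the `other` client app type and carries an exclusion.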