configure_global_admin_approval
Configure approval requirements for Global Administrator role activation to enforce security controls and prevent unauthorized privileged access in Microsoft 365 environments.
Instructions
Configure approval requirement for Global Administrator activation (MS.AAD.7.6v1)
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- cisa-m365/src/index.ts:912-936 (handler)The main handler function that implements the tool logic. It patches the roleManagementPolicies endpoint in Microsoft Graph API to enable approval requirements for Global Administrator activation.private async configureGlobalAdminApproval() { try { // Configure approval settings using Microsoft Graph API await this.graphClient .api('/policies/roleManagementPolicies') .patch({ requireApprovalForGlobalAdmin: true, approvalWorkflowEnabled: true, }); return { content: [ { type: 'text', text: 'Global Administrator approval requirement configured successfully', }, ], }; } catch (error: unknown) { throw new McpError( ErrorCode.InternalError, `Failed to configure Global Admin approval: ${error instanceof Error ? error.message : 'Unknown error'}` ); } }
- cisa-m365/src/index.ts:270-273 (schema)The input schema for the tool, which requires no parameters (empty object).inputSchema: { type: 'object', properties: {}, },
- cisa-m365/src/index.ts:267-274 (registration)Tool registration in the list of tools provided by the MCP server, including name, description, and schema.{ name: 'configure_global_admin_approval', description: 'Configure approval requirement for Global Administrator activation (MS.AAD.7.6v1)', inputSchema: { type: 'object', properties: {}, }, },
- cisa-m365/src/index.ts:364-365 (registration)Dispatcher case in the CallToolRequest handler that routes calls to the configureGlobalAdminApproval method.case 'configure_global_admin_approval': return await this.configureGlobalAdminApproval();