Skip to main content
Glama
enesjakozh
DynamicEndpoints

BOD-25-01-CSA-Microsoft-Policy-MCP

by DynamicEndpoints
OverviewInspectSchemaRelated ServersScoreDiscussions
JavaScript
Remote

configure_role_alerts

Set up email notifications to monitor and receive alerts for privileged role assignments in Microsoft 365 environments, helping maintain security compliance with BOD 25-01 requirements.

Instructions

Configure alerts for privileged role assignments (MS.AAD.7.7v1)

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
notificationEmailsYesEmail addresses to notify on role assignments

Implementation Reference

  • cisa-m365/src/index.ts:938-965 (handler)
    The primary handler function that implements the 'configure_role_alerts' tool. It uses the Microsoft Graph API to create an alert policy for privileged role assignments, setting notification recipients to the provided email addresses.
    private async configureRoleAlerts(args: AlertSettingsArgs) { try { // Configure role assignment alerts using Microsoft Graph API await this.graphClient .api('/policies/alertPolicies') .post({ displayName: 'Privileged Role Assignment Alert', isEnabled: true, severity: 'high', category: 'roleManagement', notificationRecipients: args.notificationEmails, }); return { content: [ { type: 'text', text: 'Privileged role assignment alerts configured successfully', }, ], }; } catch (error: unknown) { throw new McpError( ErrorCode.InternalError, `Failed to configure role alerts: ${error instanceof Error ? error.message : 'Unknown error'}` ); } }
  • cisa-m365/src/index.ts:275-291 (registration)
    Registration of the 'configure_role_alerts' tool in the ListTools response, including name, description, and input schema definition.
    { name: 'configure_role_alerts', description: 'Configure alerts for privileged role assignments (MS.AAD.7.7v1)', inputSchema: { type: 'object', properties: { notificationEmails: { type: 'array', items: { type: 'string', }, description: 'Email addresses to notify on role assignments', }, }, required: ['notificationEmails'], }, },
  • cisa-m365/src/index.ts:27-48 (schema)
    Type definition for AlertSettingsArgs (used as input for configure_role_alerts) and the corresponding type guard validator function.
    interface AlertSettingsArgs { notificationEmails: string[]; } function isRoleAssignmentArgs(args: unknown): args is RoleAssignmentArgs { if (typeof args !== 'object' || args === null) return false; const a = args as Record<string, unknown>; return ( Array.isArray(a.userIds) && a.userIds.every(id => typeof id === 'string') && typeof a.roleId === 'string' ); } function isAlertSettingsArgs(args: unknown): args is AlertSettingsArgs { if (typeof args !== 'object' || args === null) return false; const a = args as Record<string, unknown>; return ( Array.isArray(a.notificationEmails) && a.notificationEmails.every(email => typeof email === 'string') ); }
  • cisa-m365/src/index.ts:366-374 (handler)
    Dispatch handler in the CallToolRequest switch statement that validates input using isAlertSettingsArgs and calls the main configureRoleAlerts method.
    case 'configure_role_alerts': { if (!isAlertSettingsArgs(request.params.arguments)) { throw new McpError( ErrorCode.InvalidParams, 'Invalid alert settings arguments' ); } return await this.configureRoleAlerts(request.params.arguments); }

This server cannot be installed

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/Automated-BOD-25-01-CISA-Microsoft-Policies-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server