BOD-25-01-CSA-Microsoft-Policy-MCP

Overview Inspect Schema Related Servers Score Discussions

enforce_privileged_mfa

Enforce phishing-resistant multi-factor authentication for privileged Microsoft 365 roles to comply with CSA BOD 25-01 security requirements.

Instructions

Enforce phishing-resistant MFA for privileged roles (MS.AAD.3.6v1)

Input Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

cisa-m365/src/index.ts:614-650 (handler)
The handler function `enforcePrivilegedMFA` that implements the tool logic by creating a Conditional Access Policy via Microsoft Graph API. It requires phishing-resistant MFA (FIDO2 or Windows Hello for Business) for privileged roles such as Global Administrator and Privileged Role Administrator.
private async enforcePrivilegedMFA() { try { // Configure MFA for privileged roles using Microsoft Graph API await this.graphClient .api('/policies/conditionalAccessPolicies') .post({ displayName: 'Require Phishing-resistant MFA for Privileged Roles', state: 'enabled', conditions: { applications: { includeApplications: ['all'], }, users: { includeRoles: ['Global Administrator', 'Privileged Role Administrator'], }, }, grantControls: { operator: 'AND', builtInControls: ['fido2', 'windowsHelloForBusiness'], }, }); return { content: [ { type: 'text', text: 'Phishing-resistant MFA enforced for privileged roles successfully', }, ], }; } catch (error: unknown) { throw new McpError( ErrorCode.InternalError, `Failed to enforce privileged MFA: ${error instanceof Error ? error.message : 'Unknown error'}` ); } }
cisa-m365/src/index.ts:176-183 (registration)
Registration of the 'enforce_privileged_mfa' tool in the MCP server's tool list, specifying name, description, and input schema (empty object, no parameters required).
{ name: 'enforce_privileged_mfa', description: 'Enforce phishing-resistant MFA for privileged roles (MS.AAD.3.6v1)', inputSchema: { type: 'object', properties: {}, }, },
cisa-m365/src/index.ts:337-338 (registration)
Dispatch in the CallToolRequest handler switch statement that routes calls to the 'enforce_privileged_mfa' tool to the `enforcePrivilegedMFA` method.
case 'enforce_privileged_mfa': return await this.enforcePrivilegedMFA();
cisa-m365/src/index.ts:179-182 (schema)
Input schema for the tool, defining an empty object (no input parameters required).
inputSchema: { type: 'object', properties: {}, },

Latest Blog Posts

Federated Learning with MCP: Building Privacy-Preserving Agents Across Distributed Edges
By Om-Shree-0709 on December 21, 2025.
Secure
mcp
Learning
What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/Automated-BOD-25-01-CISA-Microsoft-Policies-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server