DynamicEndpoints

BOD-25-01-CSA-Microsoft-Policy-MCP

get_policy_status

Check the current status of CISA M365 security policies to verify compliance with BOD 25-01 requirements for Microsoft 365 cloud services.

Instructions

Get current status of all CISA M365 security policies

Input Schema

No arguments

Implementation Reference

  • Handler function for get_policy_status tool in CISA Exchange Online server. Fetches current status of Exchange policies via Microsoft Graph API and returns JSON.
    private async getPolicyStatus() {
      try {
        if (!this.graphClient) {
          throw new Error('Graph client not initialized');
        }

        // Settings are fetched one after another; a failure on any request
        // lands in the catch block and aborts the whole status call.
        const results = {
          policies: EXO_POLICIES,
          currentStatus: {
            externalForwarding: await this.graphClient.api('/admin/exchangeSettings/externalForwarding').get(),
            spfPolicies: await this.graphClient.api('/admin/domains/spfRecords').get(),
            dmarcPolicies: await this.graphClient.api('/admin/domains/dmarcRecords').get(),
            smtpAuth: await this.graphClient.api('/admin/exchangeSettings/smtpAuth').get(),
            sharingPolicies: await this.graphClient.api('/admin/exchangeSettings/sharingPolicies').get(),
            externalSenderWarning: await this.graphClient.api('/admin/exchangeSettings/externalSenderWarning').get(),
            mailboxAudit: await this.graphClient.api('/admin/exchangeSettings/mailboxAudit').get()
          }
        };

        // Raw responses are returned as pretty-printed JSON; no compliance verdict is computed here.
        return {
          content: [
            {
              type: 'text',
              text: JSON.stringify(results, null, 2)
            }
          ]
        };
      } catch (error) {
        const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
        throw new McpError(
          ErrorCode.InternalError,
          `Failed to get policy status: ${errorMessage}`
        );
      }
    }
  • Handler function for get_policy_status tool in CISA Defender server. Retrieves status of Defender policies using Graph API.
    private async getPolicyStatus() {
      try {
        if (!this.graphClient) {
          throw new Error('Graph client not initialized');
        }

        // Requests run sequentially; the first failure aborts the call.
        const results = {
          policies: DEFENDER_POLICIES,
          currentStatus: {
            securityPolicies: await this.graphClient.api('/security/securityPresetPolicies').get(),
            piiProtection: await this.graphClient.api('/security/sensitiveTypes').get(),
            auditConfig: await this.graphClient.api('/security/auditLogs/config').get()
          }
        };

        // Raw responses are returned as pretty-printed JSON.
        return {
          content: [
            {
              type: 'text',
              text: JSON.stringify(results, null, 2)
            }
          ]
        };
      } catch (error) {
        const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
        throw new McpError(
          ErrorCode.InternalError,
          `Failed to get policy status: ${errorMessage}`
        );
      }
    }
  • Handler function for get_policy_status tool in CISA M365 server. Comprehensive status check across multiple M365 security policies via Graph API.
    private async getPolicyStatus() {
      try {
        // Get current settings using Microsoft Graph API
        // (requests run in parallel; one rejection fails the whole call)
        const [
          authPolicy,
          securityDefaults,
          conditionalAccess,
          authMethods,
          appRegistration,
          appConsent,
          adminConsent,
          groupConsent,
          passwordPolicy,
          roleManagement,
          privilegedAccess,
          alertPolicies,
        ] = await Promise.all([
          this.graphClient.api('/policies/authenticationMethodsPolicy').get(),
          this.graphClient.api('/policies/identitySecurityDefaultsEnforcementPolicy').get(),
          this.graphClient.api('/policies/conditionalAccessPolicies').get(),
          this.graphClient.api('/policies/authenticationMethodsPolicy').get(),
          this.graphClient.api('/policies/applicationRegistrationManagement').get(),
          this.graphClient.api('/policies/appConsentPolicy').get(),
          this.graphClient.api('/policies/adminConsentRequestPolicy').get(),
          this.graphClient.api('/policies/groupConsentPolicy').get(),
          this.graphClient.api('/policies/passwordPolicy').get(),
          this.graphClient.api('/policies/roleManagementPolicies').get(),
          this.graphClient.api('/policies/privilegedAccessPolicy').get(),
          this.graphClient.api('/policies/alertPolicies').get(),
        ]);

        const status = {
          // These first two entries derive `compliant` from the fetched value.
          legacyAuthentication: {
            blocked: !authPolicy.allowLegacyAuthentication,
            compliant: !authPolicy.allowLegacyAuthentication,
          },
          highRiskUsers: {
            blocked: securityDefaults.blockHighRiskUsers,
            compliant: securityDefaults.blockHighRiskUsers,
          },
          // From here on `compliant` is the literal `true`; it does not
          // depend on the measured value next to it.
          highRiskSignins: {
            blocked: conditionalAccess.value.some((policy: any) =>
              policy.displayName === 'Block High Risk Sign-ins' && policy.state === 'enabled'
            ),
            compliant: true,
          },
          phishingResistantMFA: {
            enforced: authMethods.policies.fido2.isEnabled &&
              authMethods.policies.windowsHelloForBusiness.isEnabled,
            compliant: true,
          },
          alternativeMFA: {
            enforced: authMethods.policies.microsoftAuthenticator.isEnabled,
            compliant: true,
          },
          authenticatorContext: {
            configured: authMethods.policies.microsoftAuthenticator.showContextInformationInNotifications,
            compliant: true,
          },
          authMethodsMigration: {
            completed: authMethods.migrationState === 'completed',
            compliant: true,
          },
          appRegistration: {
            restrictedToAdmins: appRegistration.restrictAppRegistration &&
              appRegistration.restrictNonAdminUsers,
            compliant: true,
          },
          appConsent: {
            restrictedToAdmins: appConsent.isEnabled && appConsent.requireAdminConsentForNewApps,
            compliant: true,
          },
          adminConsent: {
            workflowConfigured: adminConsent.isEnabled,
            compliant: true,
          },
          groupConsent: {
            blocked: groupConsent.blockGroupOwnerConsentForApps,
            compliant: true,
          },
          passwordExpiry: {
            disabled: passwordPolicy.passwordExpirationPolicy.neverExpire,
            compliant: true,
          },
          globalAdmins: {
            count: await this.getGlobalAdminCount(),
            compliant: true,
          },
          granularRoles: {
            enforced: roleManagement.enforceGranularRoles,
            compliant: true,
          },
          cloudAccounts: {
            enforced: securityDefaults.requireCloudOnlyPrivilegedAccounts,
            compliant: true,
          },
          pamEnforcement: {
            enabled: privilegedAccess.requirePAMForPrivilegedRoles,
            compliant: true,
          },
          globalAdminApproval: {
            required: roleManagement.requireApprovalForGlobalAdmin,
            compliant: true,
          },
          // Alert checks match policies by display name only.
          roleAlerts: {
            configured: alertPolicies.value.some((policy: any) =>
              policy.displayName === 'Privileged Role Assignment Alert' && policy.isEnabled
            ),
            compliant: true,
          },
          adminAlerts: {
            configured: alertPolicies.value.some((policy: any) =>
              policy.displayName === 'Global Administrator Activation Alert' && policy.isEnabled
            ),
            compliant: true,
          },
        };

        return {
          content: [
            {
              type: 'text',
              text: JSON.stringify(status, null, 2),
            },
          ],
        };
      } catch (error: unknown) {
        throw new McpError(
          ErrorCode.InternalError,
          `Failed to get policy status: ${error instanceof Error ? error.message : 'Unknown error'}`
        );
      }
    }
  • Registration of the get_policy_status tool in the listTools response, including empty input schema.
    {
      name: 'get_policy_status',
      description: 'Get current status of all CISA Exchange Online policies',
      inputSchema: {
        type: 'object',
        properties: {}
      }
    },
  • Input schema for get_policy_status tool: empty object (no parameters required).
    inputSchema: {
      type: 'object',
      properties: {}
    }
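
In the M365 handler above, every entry after `highRiskUsers` sets `compliant: true` as a literal beside its measured field, so a consumer of the JSON cannot rely on that flag alone. The following is an added example, not code from the project: a hypothetical `auditStatus` helper that re-derives compliance from the measured field and lists every entry where the reported flag disagrees or cannot be determined; the sample status object is constructed.

```typescript
// Added example (not project code): audit the JSON produced by the M365
// get_policy_status handler. `auditStatus`, `Entry` and `Finding` are
// hypothetical names introduced for this illustration.
type Entry = Record<string, unknown> & { compliant: boolean };
type Finding = {
  policy: string;
  measured: unknown;
  reported: boolean;        // the `compliant` flag as returned by the tool
  derived: boolean | null;  // re-derived verdict; null = cannot be determined
};

function auditStatus(status: Record<string, Entry>): Finding[] {
  const findings: Finding[] = [];
  for (const policy of Object.keys(status)) {
    const entry = status[policy] as Entry;
    // Each entry carries one measured field (blocked, enforced, configured, ...)
    // beside `compliant`. If Graph returned `undefined` for it, JSON.stringify
    // drops the key entirely, so the measured field can be missing.
    const keys = Object.keys(entry).filter((k) => k !== 'compliant');
    const measured = keys.length === 1 ? entry[keys[0] as string] : undefined;
    // Only a boolean can be judged without a threshold; numeric values such as
    // globalAdmins.count, and missing fields, stay undetermined.
    const derived = typeof measured === 'boolean' ? measured : null;
    if (derived !== entry.compliant) {
      findings.push({ policy, measured, reported: entry.compliant, derived });
    }
  }
  return findings;
}

// Constructed sample in the shape the handler returns.
const sampleStatus: Record<string, Entry> = {
  legacyAuthentication: { blocked: true, compliant: true },
  highRiskSignins: { blocked: false, compliant: true },
  phishingResistantMFA: { enforced: false, compliant: true },
  groupConsent: { blocked: true, compliant: true },
  globalAdmins: { count: 11, compliant: true },
};

for (const f of auditStatus(sampleStatus)) {
  console.log(`${f.policy}: reported=${f.reported} derived=${f.derived}`);
}
```

Entries with `derived: null` need a threshold or a manual check before they can be counted as compliant.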

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/Automated-BOD-25-01-CISA-Microsoft-Policies-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.